r 

si 


special:  Nasdaq's  CIO  on  Trade  Center  Disaster 


Page  54 


NOVEMBER  1,  2001  *  $9.00 


cio.com 


CIO 


The  Magazine  for  Information  Executives 


INFORMATION  SECURITY  &  PRIVACY 


SEE  YOU  IN 


.  ■*  ■  - 


'wmm 


Flood  of  Lawsuits  over 


Page  62 


PLUS 


HarvardLegal  Expert 

tiller  on  X 
Your  Privacy  Obligations 


i 


Page* 


DESIGN  A  FLEXIBLE  - 
SUPPLY  CHAIN 


.JM 


Tales  and  Tips 
From  the 
Front  Lines 


Page  96 


I.T.  OUTSOURCING 

There’s  a  New 
Service  Model 
In  Town 

Page  78 


.  M 


is®./  - 


gjKiMiWi 


U*r'  .m*  y.  s  vt  v 


Arthur  Miller, 


who  hauled  CVS 


into  court  over 


privacy  violations, 


reveals  how  your 
company  cawayoid 
a  similar  fate. 


R\ . ' 


sw 


■m- 


The  new  Web  site  must: 


1)  Understand  and  interact  with  customers 

2)  Manage  supplier  relationships  online 

3)  Not  ruin  your  life 
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Netcraft  2000— includes  Web  sites  running  on  previous  versions  of  Microsoft  Windows  and  Microsoft  Commerce  Server.  ©  2001  Microsoft  Corporation.  All  rights  reserved.  Microsoft  and  BizTalk  are  either  registered  trademarks  or  trademarks  of  Microsoft  Corporation 


Upper 


management  is  asking  for  the  moon:  quickly  and  cost-efficiently 
develop  a  site  that  offers  a  personalized  experience  for  customers 
and  partners.  In  the  past,  building-in  the  kind  of  robust  data  analytics 
you’re  being  asked  for  could  take  thousands  of  hours  (most  of  them 
yours).  But  now  there’s  help:  Microsoft  Commerce  Server  2000. 


Part  of  the  flexible  Microsoft  .NET  Enterprise  Server  family,  Commerce 
Server  2000  works  with  BizTalk™  Server  2000  and  SQL  Server™  2000 
to  offer  you  a  less  complicated  and  less  time-consuming  approach  to 
building  tailored,  effective  e-commerce  solutions.  For  example, 

Commerce  Server  2000  comes 
with  fully  functional  out-of-the- 
box  starter  sites,  and  pre-built 
applications  such  as  click 
stream  analysis,  to  help  you 
get  your  site  up  and  running  even  faster.  And  with  full  XML  support, 
seamless  data  transfer  moves  from  the  wish  list  to  the  “done”  list. 


MARKET  FACT 


According  to  Netcraft,  the 
leading  supplier  of  market 
intelligence  and  Web  server 
data,  more  e-commerce  Web 
site  solutions  are  built  on  the 
Microsoft  enterprise  e-commerce 
platform  than  on  any  other* 


So  go  ahead  and  build  the  effective  site  you’re  being  asked 
to  build,  and  still  manage  to  have  a  life.  To  find  out  more,  visit 
microsoft.com/commerceserver  Software  for  the  Agile  Business. 


Microsoft 


States  and/or  other  countries.  The  names  of  actual  companies  and  products  mentioned  herein  may  be  the  trademarks  of  their  respective  owners. 
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How  did  Adobe  turn  thousands  of  lines  of  computer  code  into  a  masterpiece?  By  managing  the 
development  of  their  new  Illustrator®  software  with  the  beautifully  powerful  FileMaker®  Pro.  With  its 


intuitive  interface,  FileMaker  Pro  5.5  helped  Adobe  workgroups  log  and  correct  software  bugs  during 
Illustrator  10  s  testing  phase -keeping  up  to  90  employees  simultaneously  updated,  via  the  Internet, 

©200]  hileMaker,  Inc.  All  rights  reserved.  FileMaker  is  a  trademark  of  FileMaker,  Inc.,  registered  in  the  U.S.  and  other  countries.  The  file  folder  logo  and  “ If  hat's  your  problem?” 


are 


dobe  Systems  Incorporated 

345  Park  Avenue 

San  Jose,  CA  95110  -2704 
Phone  408  536  9000 
Fax  408  537  9100 

cscott@adobe.com 


with  information  from  test  users  at  over  200  different  Beta  sites.  And.  because 
FileMaker  Pro  integrates  with  Microsoft  Office  and  supports  XML.  JDBC  and  ODBC 
it's  also  incredibly  attractive  to  Adobe’s  IT  department.  To  turn  your  next  project  into 
a  work  of  art.  \isit  www.filemaker.com  or  call  800-325-2747.  Whats  your  problem “ 


trademarks  of  FileMaker.  Inc.  All  other  trademarks  are  the  property  of  their  respective  holders. 
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Inadequate  security  leaves  companies  open  not  just 
to  hackers  but  to  lawsuits.  Here’s  how  to  stay  out 
of  court  and  protect  your  company  (Page  62).  And  in 
Miller’s  Privacy  Warning  (Page  72),  Legal  Expert 
Arthur  Miller  says  CIOs  and  corporate  America  also 
have  to  protect  people’s  privacy — or  risk  a  jury’s 
wrath.  By  Sarah  D.  Scalet  and  Alison  Bass 
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“I  don’t  mind  if  people  sell  their  privacy. 

But  what  disturbs  me  is  that  individuals 
are  not  sufficiently  informed  to  make 
intelligent  choices." 

-Arthur  Miller,  Harvard  Law  School  professor 
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BrightStor™  Storage  Management  Solutions 

For  years,  storage  management  has  been  an  ever-increasing  cost,  not  a  source  of  potential 
opportunity.  But  that's  all  about  to  change.  Because  we've  created  BrightStor,  the  most 
comprehensive  suite  of  end-to-end  storage  management  solutions  on  the  market.  BrightStor 
lets  you  leverage  your  resources  and  data  across  your  entire  enterprise,  regardless  of 
platform  or  protocol.  In  fact,  BrightStor  is  the  only  suite  of  solutions  that  supports  all 
three  industry  models  — DAS,  NAS  and  SAN -cross-platform.  Which  means  you  can  look 
at  your  eBusiness  needs  as  a  whole,  not  piece  by  piece.  So  you  can  optimize  your  resources 
across  your  entire  storage  infrastructure.  And,  most  importantly,  you  can  do  more  than  just 
store  information.  You  can  actually  use  it. 


Computer  Associates™ 


HELLO  TOMORROW 


WE  ARE  COMPUTER  ASSOCIATES 


THE  SOFTWARE  THAT  MANAGES  eBUSINESS,v' 


ca.com/storage 


©2001  Computer  Associates  international,  inc.  (CA).  All  trademarks,  trade  names,  service  marks,  and  logos  referenced  herein  belong  to  their  respective  companies. 


-  J.D  Edwards  World  Source  Company.  2001.  J.D.  Edwards  is 


a  registered  trademark  of  J.D.  Edwards  &  Company  www.jdedwafds.conVciodemo. 
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No  CIO  is  an  island.  No  company  is,  either. 

In  the  Connected  Economy,  walls  are  down.  And 
relationships  rule  the  day.  That  means  collaboration. 
In  other  words,  sharing  information  and  processes 
inside  and  outside  your  enterprise.  So  that 
you  can  meet  the  changing  business 
landscape  head  on.  How  do  you  get  there? 

J  ^  your  organization 

Collaborative  Software  from  J.D.  Edwards. 

Our  proven,  integrated  solutions  lead  to  higher 
efficiencies.  Tighter  relationships.  And  quicker 
time-to-value.  Putting  you  on  the  next  level  of 
shared  business  process  optimization.  To  experience 
our  c-commerce  demonstration,  visit  us  online  at 
www.jdedwards.com/ciodemo. 


JDEDWARDS 


DISASTER  RECOVERY  I  54 

How  Nasdaq 
Bounced  Back 

Nasdaq  was  back  up  and  trading  just  six 
days  after  the  World  Trade  Center  disaster. 
Its  CIO,  Gregor  Bailar,  credits  distributed 
systems,  contingency  planning  and  a 
redundant  architecture  for  the  exchange’s 
resiliency.  Not  to  mention  some  very 
dedicated  people.  By  Tom  Field 


"You  have  no  clue  what  the  next  disaster 
is  going  to  look  like.  Will  it  hit  a  power 
substation?  Will  it  hit  the  trains  coming 
in  so  none  of  the  traders  can  get  in? 

You  really  need  to  be  able  to  communi¬ 
cate  and  have  a  place  for  people  to  talk 
about  what’s  going  on.”  -Gregor  Bailar 
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Since  different  businesses  use  different  messaging  solutions,  every  business  can  benefit  from 
the  global  expertise  of  United  Messaging.  That's  because  we  design  our  systems  to  work  with 
all  of  the  leading  platforms.  Whether  you  use  Microsoft  Exchange®,  Lotus  Notes®  or  Internet  mail, 
United  Messaging  provides  solutions  that  exceed  your  expectations  while  integrating  seamlessly  with 
your  current  environment.  So  you  can  work  smarter  and  faster  without  any  unnecessary  disruptions.  After 
all,  being  100%  focused  on  business,  we  wouldn’t  have  it  any  other  way.  For  the  best  choice  in  enterprise 
messaging,  call  United  Messaging  at  1-888-993-5088,  or  visit  us  at  www.unitedmessaging.com. 


RETURN  ON  COMMUNICATIONS! 

◄ . 

The  need  to  move  to  a  new  environment.  Chances  are,  your  business  has  changed  since  your 
networks  were  deployed.  You  may  have  implemented  new  applications.  Experienced  exceptional  growth. 
Maybe  you  re-organized  or  merged.  Whatever  changes  you  may  have  experienced,  you  can  take  your 
networks  where  they  need  to  go  with  AT&T's  unique  combination  of  Skill,  Scale  and  Scope. 

The  skill  to  deliver  effective  solutions. 

With  thousands  of  experienced  network  professionals,  AT&T  can  support  your  move  to  a  next 
generation  network. 

►  Proven  systems  and  processes 

►  Leading  expertise  in  security  and  continuity 

►  World-class  Service  Level  Agreements 

ORDERLY  NETWORK 

MIGRATION 

The  scale  to  implement  globally. 

When  your  company’s  solution  is  ready  to  fly,  it  can  fly  virtually  everywhere. 

^  Scalable  innovations 
P  Industry-leading  global  IP  backbone 
r  Access  from  850  cities  worldwide 

The  scope  to  maximize  your  return. 

AT&T  has  a  wide  range  of  technologies,  services  and  best-of-breed  partners  to  help  you 
manage  complexity  and  change. 

^  Connectivity  services 
^  Hosting  services 
^  Managed  services 

It  can  all  add  up  to  a  soaring  return  on  your  communications  investment. 

Call  AT&T  toll  free  at  I  866  329-1678 
or  visit  us  at  www.attbusiness.com/return 
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5  days,  5  columns 

MONDAY  Tech  Tact:  New  Tools  for  New  Jobs  Technology  Editor 
Christopher  Lindquist  on  what’s  coming  and  what  it’s 
good  for.  www.cio.com/online/techtact 

TUESDAY  CIO  Radio 

Listen  in  as  Web  Writer  Danielle  Dunne  talks  with 
notable,  quotable  experts  on  critical  IT  issues. 

www.cio.com/radio 

WEDNESDAY  Metrics 

Web  Writer  Jon  Surmacz  finds  the  industry  num¬ 
bers  that  matter  from  the  country’s  most  rep¬ 
utable  analysts,  www.cio.com/metrics 

THURSDAY  Sound  Off 

Lor  opinions  on  managerial,  political  and 
ethical  dilemmas  that  confront  CIOs  daily,  read  Executive  Web  Editor 
Martha  Heller’s  column  and  join  the  debate,  comment.cio.com 

F  R I  DAY  The  35  Cent  Consultant 

Questions  about  strategy?  Staffing?  Integration?  Executive  Editor  Derek 
Slater  gives  readers  advice  that’s  worth  every  penny,  www.cio.com/35cent 


Career  Counselor 

Mark  Polansky, 
managing  director 
of  Korn/Ferry  Inter¬ 
national,  is  available 
now  to  provide  the 
answer  that  will  give 
your  career  a  boost. 
www.cio.com/ 
executive 


Research  Reports 

Read  what  your 
colleagues  have  to 
say  about  customer 
privacy,  IT  value, 
security  and  more 
in  our  monthly 
research  reports. 
www2.cio.com/ 
research 


Printlinks 

Log  on  now  to  Print- 
links,  where  you’ll  find 
stories,  features  and 
reports  that  take  CIO 
coverage  one  step 
further. 

www.cio.com/ 

printlinks 


Search 

CIO  editors  compile  the  latest 
features,  metrics,  Web  references 
and  more  on  22  need-to-know 
subjects  to  create  our  comprehen¬ 
sive  research  centers.  Here’s  where 
you  should  go  this  month: 

I.S.  STAFFING  Find  the  ABCs  of 
IS  staffing,  as  well  stories  on  layoffs,  the 
staffing  crisis  and  employee  relations. 

www.  cio.  com/sta  ffing 

E-BUSINESS  Ready  for  the  holiday 
season?  Well,  it’s  time  to  get  started. 
Browse  through  stories  on  B2C,  B2B, 
demographics  and  more. 

www.cio.com/ec 

SECURITY  AND  PRIVACY 

Complete  coverage  of  the  trends  and 
technology  that  can  keep  your  company 
safe,  www.cio.com/security 

KNOWLEDGE  MANAGEMENT 

Check  in  here  for  advice  on  developing 
and  maintaining  an  efficient  KM  system. 

www.cio.com/knowledge 

GLOBALIZATION  Keep  up  on  the 
rest  of  the  world,  including  strategy,  tech¬ 
nology  and  events,  with  a  visit  to  our 
Global  research  center. 
www.cio.com/globalization 

CRM  All  that  you  need  to  know  about 
customer  relationship  management, 
including  expert  advice,  up-to-date  fea¬ 
tures  and  the  ABCs,  www.cio.com/crm 


This  month,  in  a  special  section  devoted  to  crisis-related  IT  developments,  coverage 
includes: 


l 


A  comprehensive  look  at  how 
the  IT  community  has  helped 
with  the  recovery  effort. 


2 


Frank  Casale,  CEO  of  the 
Outsourcing  Institute,  talks 
about  the  effect  on  outsourcing. 


3 


Readers  respond  to  the  Sept.  11 
tragedy  with  sadness,  anger,  and 
resolve. 


For  these  features,  as  well  as  daily  reports,  interviews  and  more,  visit  www.cio.com/online/crisis.html 
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Connecting  people 

to  information. 


Without  integration,  business  gets  complicated. 

Your  data  assets  buried  in  many  incompatible  systems, 
databases  and  applications  are  worthless  unless  the 
information  can  be  quickly  and  easily  accessed  by 
people  who  need  it  to  do  business  in  real-time. 
DataMirror's  comprehensive  family  of  data  integration 
and  resiliency  software  unlocks  the  experience  of  now™ 
by  providing  the  instant  data  access,  integration  and 
availability  customers  demand  today  across  all 
computers  in  their  business.  With  end-to-end 
integration  and  out-of-the-box  flexibility,  DataMirror 
software  delivers  real-time  data  such  as  customer 
information,  price  lists,  inventory  levels  and  order 
status  that  you  need  to  work  faster  and  smarter  now. 


Over  1,500  companies  use  DataMirror 
to  integrate  their  data. 

www.datamirror.com 
1  800  362-5955 


MACRO 

It’s  the  power  of  Intel-based  servers.  It’s  delivering  customized, 
split-second-critical  data  to  millions  of  customers  at  once.  It’s  building  an 
enterprise  on  servers  powerful  and  scalable  enough  to  add  affordable 
capacity  when  and  where  it’s  needed.  It’s  knowing  you  can  access  the 
latest  innovations,  from  a  massive  choice  of  solutions.  To  find  out  how  to 
make  all  your  customers  feel  like  they’re  your  only  customer,  visit 
intel.com/ebusiness. 
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From  the  Editor 

lundberg@cio.com 


For  ongoing  coverage  relating 
to  the  attacks  and  their 
aftermath,  please  visit 

www.cio.com/ontine/ 

crisis.html. 


A  Profound 
Change 


AS  I  WRITE  THIS  column,  it’s  two  weeks  and  one 
day  after  Sept.  1 1.  As  I  write  this  sentence,  I  wonder 
how  long  it  will  be  before  we  all  stop  looking  back 
to  calibrate  our  lives  against  that  day.  A  long  time, 
I  suspect. 

In  the  past  two  weeks,  we  at  CIO  have  gone 
from  being  stunned  to  feeling  anxious  and  stressed 
to  getting  back  into  action  again.  Being  from  the 
Boston  area,  we  all  feel  pretty  close  to  the  event.  We 
are  now  trying  to  get  a  handle  on  how  the  world 
has  changed  and  what  that  means  for  the  way  we 
conduct  our  business  and  our  lives,  just  as  most  of 
you  are,  I’m  sure.  As  one  CIO  wrote  to  us,  “Our 
country,  economy  and  all  our  companies  will  be 
permanently  changed  by  the  events  of  Sept.  11, 
2001.  We  don’t  know  the  final  outcome,  but  we 
instantly  began  living  in  a  different  world.” 

Some  of  the  more  obvious  things  that  will  be 
affected  are  security  and  protection  of  critical  infra¬ 
structure,  including  information  systems  and  net¬ 
works;  business  continuity  and  disaster  recovery; 
international  business;  how  we  staff  and  organize 
for  work;  and  how  we  manage  our  supply  chains. 
We  will  bring  you  stories  with  a  CIO  perspective  on 
these  and  other  critical  topics  in  the  months  ahead. 

We’ll  also  bring  you  a  series  of  interviews  with 


some  of  the  CIOs  most  directly  involved  in  recov¬ 
ering  from  the  attacks.  In  this  issue,  we  talk  with 
Gregor  Bailar  about  how  he  got  Nasdaq  back 
online  (see  “How  Nasdaq  Bounced  Back,”  Page 
54).  Soon,  we’ll  also  be  talking  with  the  CIOs  of 
New  York  City  and  the  New  York  chapter  of  the 
American  Red  Cross,  who  are  still  in  the  thick  of 
crisis  management,  but  who  would  like  to  share 
their  experiences  with  other  CIOs. 

In  order  to  bring  these  stories  to  you  in  the  most 
timely  way,  we  will  post  them  on  our  website  at 
www.cio.com/online/crisis.html  as  they  are  ready 
rather  than  waiting  for  them  to  come  out  in  print. 

Information  technology  will  be  an  essential  part 
of  the  solution  to  our  country’s  recovery  and  recon¬ 
stitution  efforts.  CIOs  will  be  called  on  to  provide 
leadership  on  many  fronts.  Some  readers  have 
already  shared  their  early  thoughts  with  us  about 
what  that  might  look  like,  and  we  bring  them  to 
you  here  in  a  special  InBox  section,  following  this 
letter.  If  you’d  like  to  share  your  own  ideas  about 
what’s  important  now,  what  you’ll  be  focusing  on, 
how  things  will  be  different  for  your  department, 
your  company  and  business  in  general,  and  how 
this  might  affect  your  own  decision  making  and 
responsibilities,  please  contact  me. 
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FOR  THE  REAL  WORLD 

Wouldn't  it  he  great  to  have  a  team  of  experts  at  your  disposal  to  get  a  job  clone  without  any  hassles  or  worries? 
At  \1SC. Software,  we  provide  complete  turnkey  systems  for  the  most  demanding  computational  environments  by 
optimizing  the  hardware.  O/S,  middleware  and  applications.  Our  advanced  M  SC. Linux  operating  system  and  clustering 
technology  offer  extremely  cost-effective  customized  solutions  that’ll  make  the  boss  smile.  Support  is  always  just  a  phone 
call  away  at  one  of  our  over  50  offices  worldwide.  Call  us  today.  We're  ready  to  put  our  forces  to  work  for  you. 


For  more  information  call  1.800.642.7437,  ext.2500.  Or  visit  www.msclinux.com/ant. 
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Reader  Feedback 


HOW  A  CIO  CAN  HELP  FIGHT  TERRORISM 

In  the  wake  of  the  terrorist  attacks  on  the  World  Trade  Center  and  the 
Pentagon,  we  invited  CIOs  to  share  their  thoughts  about  what  had 
happened,  and  what  it  would  mean  for  their  companies  and  IT  operations  in 
the  months  ahead.  This  first  letter  was  written  in  the  first  days  after  the 
attack.  The  notes  that  follow  were  written  a  few  weeks  later. 


THE  WORLD  DOES  NOT  SEEM  REAL 

right  now.  We  watched  the  horror,  and 
we  scan  the  horizon  trying  to  find  an 
invisible  enemy.  We  donate  blood  and 
money  and  cheer  on  our  armed  forces 
and  political  leaders,  but  still,  CIOs  hang 
in  almost  helpless  shock,  wondering 
what  will  come  next. 

I  discovered  by  accident  that  I  was 
wallowing  in  my  own  sorrow  instead 
of  being  the  leader  I  should  be.  It 
happened  when  I  walked  into  my 
programmers’  work  area  to  see  how 
everyone  was  doing.  My  programmers 
are  probably  much  like  yours.  They  are 
Indian  and  Spanish  and  Malaysian; 
they  are  from  New  York,  Miami  and 
Texas;  they  are  Hl-B  candidates,  new 
citizens  and  first-  and  third-genera¬ 
tion  Americans.  A  programmer  from 
Colombia  was  talking  about  the  WTC 
attacks.  I  noticed  the  wide-eyed  stare 
he  was  getting  from  a  man  from 
Mexico.  Both  looked  at  me  with 
question  marks  on  their  faces.  “But 
why”  was  all  they  could  say. 


JOIN  THE  CONVERSATION 

How  have  your  priorities  shifted 
in  the  aftermath  of  the  events  of 
Sept.  11,  2001?  Share  your 
thoughts  with  other  IT  execs  at 
www.  cio.  com/online/crisis,  btml, 
or  e-mail  letters@cio.com. 


I  explained  about 
forces  in  the  world 
that  not  only  did  not  like 
the  American  way  of  life  but  wanted  to 
see  it  destroyed.  We  talked  about  how 
these  hateful  forces  were  using  religion 
as  a  cover  for  their  murders.  We  talked 
about  their  fears.  I  was  surprised  to  hear 
a  young  woman  from  Malaysia  say  she 
was  afraid  to  drive  home  alone.  The 
conversation  grew  until  virtually  every¬ 
one  in  MIS  was  crowded  into  this  area, 
and  I  was  drawing  maps  on  the  white 
board,  explaining  the  animosities 
between  certain  players  throughout  the 
Middle  and  Far  East. 

I  concluded  the  impromptu  meeting 
and  I  noticed  something  as  I  was  leav¬ 
ing.  There  were  no  more  1,000-mile 
stares.  Instead  there  was  a  sense  of  nor¬ 
malcy.  This  MIS  department  has  been 
plowing  ahead  ever  since. 

I  learned  that  I  can  fight  terrorism 
by  fighting  terror.  My  people  were 
shocked.  I  cannot  take  credit  for  hav¬ 
ing  the  insight  to  bring  them  together 
and  talk  it  out,  but  it  worked!  So  I  pass 
the  word  to  other  CIOs:  If  you  work 
to  end  the  terror  in  just  one  person,  that 
is  one  less  victory  for  the  terrorists. 

Joe  Gagliardi 
CIO,  Unisa  of  America 
Miami,  Fla. 

IN  THE  FACE  OF  THIS  DISASTER,  A 

lot  of  us  felt  helpless.  I  sure  did.  We 


want  to  be  part  of  a  solution.  It  turned 
out  there  was  something  we  could 
contribute  through  IT. 

The  telecom  infrastructure  was 
severely  impacted  in  New  York 
City.  We  are  a  big  supplier  for 
the  companies  serving  that  mar¬ 
ket,  and  within  24  hours  our 
crisis  team  was  working  on  products, 
processes  and  services  to  bring  these 
guys  back  online.  We  first  asked, 
“What  do  we  have  in  inventory  and 
finished  goods  that  we  could  send?” 
At  the  same  time,  our  sales  partners 
were  working  at  ground  zero  to  see 
what  was  needed.  Our  systems  gave 
us  a  real-time  view  of  what  was  on  the 
factory  floor  or  sitting  on  the  dock 
bound  for  a  customer  that  could  be 
redirected  to  help  get  telecommunica¬ 
tions  restored. 

A  website  was  built  to  host  the  pro¬ 
visioning  status  of  customers’  emer¬ 
gency  requests  and  track  them  through 
our  supply  chain  to  delivery  to  the  cus¬ 
tomer.  We  knew  how  important  it  was 
to  restore  phone  service  and  connectiv¬ 
ity.  We  had  staff  willing  and  able  to 
work  around  the  clock.  We  in  IT  were 
also  able  to  help  by  donating  comput¬ 
ing  equipment. 

For  the  past  few  years,  we’ve  talked 
a  lot  about  anytime,  anywhere  access 
to  information  and  the  ability  that  kind 
of  access  gives  you  to  run  your  busi¬ 
ness.  In  light  of  these  events,  that’s 
taken  on  new  meaning.  The  disaster 
showed  us  we  could  do  a  better  job 
integrating  our  tools  and  information 
so  that  we  can  make  split-second  deci¬ 
sions.  Of  course  this  level  of  integration 
has  an  expense  associated  with  it,  but 
now  we  will  be  able  to  build  a  better 
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SIEMENS 

Global  network  of  innovation 


Spac 


ious  corner 

redefined. 


Business  is  no  longer  confined  by 
four  walls.  Today,  people  need  to  access 
and  exchange  information  -  anytime,  anywhere.  Thanks  to  Siemens 

Next  Generation  Internet  solutions,  they  can.  From  cellular  phones  to 

•  * 

business  communication  systems  to  optical  networks,  we  provide  the 
tools  that  make  Mobile  Business  a  reality.  As  a  leader  in  everything 
from  information  and  communications,  to  healthcare  to  industry  and 
automation,  Siemens  is  in  a  unique  position  to  make  all  our  lives  better. 
When  you  have  460,000  minds  working  together  all  around  the  globe, 
including  85,000  right  here  in  the  U.S.,  innovative  solutions  emerge. 
And  that’s  what  it  takes  to  change  the  world. 
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With  CRM, 

No  Substitute 
For  Experience 

CRM  applications  are  mis¬ 
sion-critical  by  nature.  They 
touch  customers  and  reach 
across  the  entire  organization, 
from  end  users  to  senior  man¬ 
agement.  Thus  it  is  essential  to 
work  with  a  CRM  partner 
deeply  experienced  in  enter¬ 
prise  data,  platforms  and  net¬ 
works,  and  who  understands 
the  complex  nature  of  integrat¬ 
ing  end  to  end  solutions. 

Unisys  has  the  ability  to  inte¬ 
grate  CRM  with  back-end  sys¬ 
tems  and  desktop  applications 
for  a  more  timely  installation, 
resulting  in  quicker  time-to- 
market  and  lower  total  cost  of 
ownership.  Offering  tightly-knit 
CRM  solutions,  Unisys  delivers 
a  single  point  of  contact  for 
sales,  service  and  support. 

“We  partner  with  the  top 
CRM  software  and  network 
companies,”  notes  Bill  Tatnall, 
VP  of  Global  CRM  Solutions  at 
Unisys.  “And  we’ve  worked  for 
years  on  virtually  all  platforms, 
so  the  multi-vendor  environ¬ 
ment  is  a  familiar  one  to  us. 
We’ll  integrate  new  technolo¬ 
gies  with  the  best  of  your  exist¬ 
ing  infrastructure.” 

Unisys  starts  early  in  the  CRM 
planning  stages  with  business 
process  consulting  and  contin¬ 
ues  through  integration,  imple¬ 
mentation  and  ongoing  support. 

To  learn  more  about  what 
Unisys  can  do  to  smooth  your 
CRM  efforts,  visit 

www.aheadforebusiness.com 
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business  case  around  the  risks  and  rewards 
of  having  that  flexibility. 

Susan  S.  Kozik 

CIO  and  VP  of  Supply  Chain  &  Corporate 
Centers,  Lucent  Technologies,  Warren,  N.J. 

A  PAINFUL  JERK  IN  PERSPECTIVE. 

Victims  in  the  air  with  the  technology  to  say 
their  good-byes  from  highjacked  airplanes 
and  collapsing  buildings,  and  we  on  the 
ground  without  the  technology  to  save 
them.  All  of  our  work  writ  on  water. 

Dragged  along  by  well-choreographed 
consensus,  we’ve  spent  a  fortune  and  the 
past  25  years  attempting  to  wring  the  mys¬ 
tery  and  its  attendant  hazards  out  of  the 
future  by  advantage  of  visibility  and  the 
discipline  of  systems.  The  economic  down¬ 
turn  and  the  events  of  Sept.  1 1  remind  us 
that  visibility  isn’t  watching,  and  every  sys¬ 
tem,  no  matter  how  sophisticated,  is 
chaotic  at  some  level.  So  after  a  blistering 
run  up  of  effort  and  expectation,  we’ll  live 
for  a  while  with  loss,  disappointment  and 
tortured  reflection  that  will,  no  doubt, 
affect  our  thinking  for  the  rest  of  our  lives. 

In  some  respects,  it’s  been  easy  to  be  a 
CIO  the  past  10  or  so  years.  Big  projects, 
with  the  assistance  of  the  media  and  fat 
marketing  budgets,  have  practically  sold 
themselves.  And  if  things  didn’t  work  out, 
which  they  often  didn’t,  CIO  jobs  and  the 
next  big  reengineering  gamble  were  easier 
to  find  than  a  box  to  put  your  belongings 
in.  For  the  next  few  years,  things  won’t  be 
so  easy.  For  a  while,  cash  won’t  go  looking 
for  projects.  We’ll  stop  betting  that  tech¬ 
nology  will  be  used  (and  used  well)  if  we 
simply  make  it  available.  As  we  work 
through  this  collapse  of  certainty,  only  the 
handful  of  CIOs  worthy  of  their  titles  will 
find  a  way  to  push  their  departments  and 
companies  along. 

Angels  are  in  the  details,  and  we  ought  to 
get  about  the  business  of  closing  the  holes 
and  eliminating  the  blind  spots.  Too  much 
has  been  left  to  chance.  The  best  throw  of 
the  dice  is  to  throw  them  away. 

Jerry  Gregoire 
Retired  CIO  (Dell,  Pepsi),  Austin,  Texas 


IN  THE  WAKE  OF  THE  TERRORIST 

attacks  on  our  soil,  our  focus  should  be  to 
reassert  our  lifestyle  and  the  way  we  treat 
people,  and  continue  to  make  people  from 
all  backgrounds  and  beliefs  feel  comfort¬ 
able  here  and  encourage  companies  to  stay 
the  course.  If  we  succumb  to  the  people 
who  want  to  change  our  lifestyle,  they  win. 

For  years  it’s  been  difficult  for  CIOs  to 
set  technology  policy  in  the  way  a  CFO 
makes  a  ruling  on  how  we  handle  the  cost 
of  capital  or  the  head  of  HR  creates  a  policy 
on  how  we  treat  people.  These  things  are 
more  or  less  understood  by  the  CEO  and 
don’t  have  to  be  intensely  negotiated.  Now 
the  policies  in  the  CIO  realm  (availability, 
access  control,  restoration)  are  heightened, 
and  the  CIO  ought  to  emerge  as  an  arbiter 
of  how  a  company  positions  itself  vis-a-vis 
risk.  This  should  not  be  negotiable.  The 
CIO  should  march  forward  more  confi¬ 
dently  at  the  management  committee  and 
board  level.  At  the  end  of  the  day,  the  CEO 
is  counting  on  the  CIO  to  do  this,  but 
because  the  CEO  doesn’t  understand  the 
issues  as  well,  he  is  less  confident  about 
being  able  to  back  him  up. 

In  the  late  ’80s  and  early  ’90s,  we  went 
through  a  huge  effort  to  consolidate  data 
centers.  It  was  my  view  that  the  best  solu¬ 
tion  for  Rockwell  was  to  consolidate  to  two 
centers  that  balanced  the  load  and  were  a 
mirror  image.  Because  of  cost  pressures,  we 
ended  up  closing  the  mirror  center  and  had 
all  of  our  eggs  in  virtually  one  basket  on 
the  West  Coast.  We  were  vulnerable  to 
earthquakes  and  located  under  an  airport 
flight  path.  If  an  attack  like  this  had  hap¬ 
pened  back  then,  we’d  have  been  asking 
why  on  earth  we  have  our  only  data  cen¬ 
ter  located  there.  We  entered  into  contracts 
with  Sunguard  for  backup  availability  in 
Philadelphia.  But  given  this  new  reality,  I 
would  have  argued  more  vigorously  to 
maintain  our  Texas  center,  and  I  think  I 
would  have  gotten  more  support. 

James  F.  Sutter 
Senior  Partner,  The  Peer  Consulting  Group, 
Seal  Beach,  Calif.,  (Former  VP  and  GM, 
Rockwell  Information  Systems) 
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uilding  for  the  future  is  no  easy  task.  As  your  strategic  partner,  Unisys 
can  help  you  generate  new  revenue  with  our  knowledge  of  technolog\ 
and  scalable  solutions  that  maximize  what  you  already  have.  In  fact,  9 
out  of  10  of  the  world’s  largest  telecommunications  companies  rely  on 
Unisys  to  grow  and  manage  their  business.  There’s  no  one  better  suited 
to  help  you  evolve  to  wireless  broadband,  multimedia  messaging  and 
other  next-generation  solutions.  With  Unisys,  getting  to  the  leading  edge 
isn’t  just  a  pipe  dream,  Visit  us  at  www.aheadforebusiness.com. 
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You  get  more  than 
a  haircut  from  Mike 
Whelan.  You  get 
courtesy.  Respect. 
Qualities  the 
business  world  of 
today  often  lacks. 

At  Siebel,  we  make 
application  software 
that  lets  you  give 
your  customers 
personalized  service. 
Companies  like  The 
Hartford,  British 
Telecommunications 
Pic  and  Saturn  use 
our  technology. 
They're  among  the 
best-known 
companies  in  the 
world.  And  some 
of  the  best  liked. 


Siebel 

Good  service 
is  good  business. 


www.siebel.com  1-800-356-3321 
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SYBASE  e-BUSINESS  SOFTWARE.  BECAUSE  EVERYTHING 


THE  STRAIGHT  GOODS  ON  e-BUSINESS  PLATFORMS. 
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THE  WHOLE  e-BUSINESS 
THING  IS  A  FAD. 

Nothing  could  be  further  from 
the  truth.  In  times  of  economic 
downturn,  it  may 
seem  prudent  to 
put  the  whole 
e-Business  issue 
on  the  backburner. 

But  it's  not.  Tough 
times  call  for  speed, 
nimbleness  and  agility 
more  than  ever.  The 
time  to  get  smart  and 
implement  e-Business 
solutions  for  your 
customers  is  today. 

THE  INTERNET  CHANGES 
EVERYTHING. 

The  Internet  does  not  change 
everything.  It  doesn't  change 
the  business  rules  that  run  your 
company.  Or  the  infrastructure 
you've  spent  years  building.  Or 
the  nature  of  your  business.  Or 
your  need  to  generate  revenues 
and  profit. 

The  Internet  is  obviously  a  critical 
part  of  any  e-Business.  But  the 
internet  is  only  a  common  set 
of  protocols  for 
the  transport 
of  information. 

It's  how  well  you 
manage  that 
information 
that  determines 
the  success  of 
your  business. 


IT'S  A 
ONE-BRAND  WORLD. 

This  myth  surrounds  just  about 
every  significant  e-Business 
platform  discussion.  Virtually 
every  purveyor  of  e-Business 
platforms  touts  their  version  of 
this  "one-brand"  world.  Their 
brand,  of  course.  Big  surprise. 

At  Sybase,  we  know  it's  just  not 
true.  Countless  brands  compete, 


cooperate  and  commingle  inside 
your  company.  It's  laughable  to 
pretend  that  any  one  external 
organization  can  "standardize"  all 
the  various  protocols,  systems, 
components,  new  technologies, 
languages,  databases  and  vendor 
relationships  that  your  business 
depends  on  to  succeed. 

Our  open  e-Business  platform 
embraces  diversity.  Making  all  of 
this  stuff  work  together  is  what 
our  stuff  is  all  about. 

A  WEBSITE  IS  A  PORTAL. 

A  PORTAL  IS  AN  e-BUSINESS. 

Well,  not  quite.  A  website  is  not  a 
portal.  And  even  if  it  was,  a  portal 
is  not  an  e-Business. 

Portals  and  websites  along  with 
application  servers,  databases, 
customer  relationship  programs, 
automated  supply  chains,  an 
efficiently  connected  field  force 
and  the  rest  of  your  back  office 
are  all  vital  components  of  an 
e-Business.  It's  making  them 
work  together  that's  the  trick. 

Unless  your  data  has  the  ability  to 
travel  from  a  customer's  pager  to 
your  trusty  OS/390 
mainframe  and 
then  back  to  your 
customer  via  cell 
phone,  you  may 
very  well  have  a 
website,  but  you 
really  don't  have 
an  e-Business. 


Our  proven  e-Business  platform 
totally  delivers  this  end-to-end 
functionality.  It  integrates  every 
single  aspect  of  your  business. 
What's  more,  it  has  the  scalability 
to  constantly  integrate  your  new 
components  into  the  mix.  Like 
say,  10,000  brand  new  customers, 
for  example.  Or  a  new  CRM  app. 

Just  something  to  think  about 
when  people  offer  you  buzzwords 
instead  of  technologies. 


IF  AT  FIRST  YOU  DON'T 
SUCCEED,  THROW  SOME 
MORE  MONEY  AT  IT. 

Hah.  Very  funny.  But  still  a  popular 
belief  for  a  long  time.  Listen:  It's  all 
pure  poppycock.  The  real  e-Business 
solutions  deliver  real-life  business 
results.  By  that  we  mean  increased 
revenues,  reduced  costs  and  profit  to 
your  bottom  line. 

At  Sybase,  we  provide  e-Business 
solutions  among  the  FORTUNE  500,® 
to  the  largest  firms  on  Wall  Street, 
to  the  biggest  names  in  healthcare, 
to  the  world's  largest  computer  and 
networking  companies,  and  to  the 
biggest  players  in  Europe  and  Asia. 

We  lead  the  way  in  enterprise  portal 
technology.  We  strongly  dominate  in 
enterprise  wireless  solutions.  And  we 
have  some  of  the  best  middleware 
integration  solutions  found  on  our 
planet. 

So  don't  throw  your  money  around. 
Look  for  an  ROI  that  has  a  sense  of 
immediacy.  Invest  carefully  based 
upon  proven  past  performance  and 
reasonable  expectations  of  return. 

IT'S  ALL  OR  NOTHING. 

The  Big  Bang  Theory:  You  need  to 
do  all  of  this  at  once.  Not  at  all  true. 

We  can  help  you  solve  the  problems 
you  have  today  while  simultaneously 
building  a  platform  that  can  solve 
tomorrow's  problems,  tomorrow. 

Implement  in  the  way  that's  right 
for  your  firm.  From  the  bottom 
up.  Or  the  top  down.  Component 
by  component.  It's  your  choice. 

Call  1-800-8-SYBASE  or  visit 
www.sybase.com/myths  and  we'll 
show  you  how.  Fact,  not  myth. 

I  Sybase 

Information  Anywhere' 


®2001  Sybase,  Inc.  All  rights  reserved.  All  trademarks  are  the  property  of  their  respective  owners. 
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Edited  by  Sandy  Kendall 


STAFF  MANAGEMENT 


Reviews  in 
Round 

By  Jeffrey  L.  Seglin 


EVER  BEEN  ASKED  to  review  your 
boss?  You  might  want  to  get  ready.  A 
Society  for  Human  Resource  Management 
survey  last  year  found  that  32  percent  of 
human  resource  professionals  were  using 
360-degree  feedback  for  executives  at  their 
companies.  “Three-sixty”  involves  review¬ 
ing  employees  from  all  angles — that  is,  get¬ 
ting  input  from  bosses,  subordinates,  peers 
and  even  customers.  The  many  perspectives 
give  a  more  complete  sense  of  a  person’s 
effectiveness  on  the  job  and  can  help  an 
organization  focus  on  long-term  goals  by 
clarifying  how  each  employee  can  con¬ 
tribute  to  the  company. 

Still,  the  tool  is  no  panacea  for  dysfunc¬ 
tional  organizations  to  work  their  way  out 
of  trouble.  Giving  honest  and  complete 
information  to  a  boss  about  his  perform¬ 
ance  can  be  tough  and  requires  a  high  level 
of  trust.  If  the  method  is  used  just  to  gather 
dirt  on  troublesome  people  whom  every¬ 
one  loathes  but  no  one  has  the  gumption  to 
fire,  then  the  process  will  be  perceived  as 
punitive.  “It’s  something  you  do  in  a  rela¬ 
tively  healthy  organization.  If  it’s  [being 
considered]  because  management  lacks  the 


courage  to  give 
straight  feedback  then 
don’t  use  it,”  says  Maxine  Dalton,  a  prac¬ 
tice  area  director  at  the  Center  for  Creative 
Leadership  in  Greensboro,  N.C. 

To  ensure  that  reviewers  feel  secure 
enough  to  give  an  honest  review,  protect 
confidentiality — specific  sources  should  not 
be  identified  when  presenting  results  to 
managers.  If  the  review  requires  rating  on 


a  numbered  scale,  use  averages.  If  narra¬ 
tive  comments  are  given,  aggregate  the 
highlights.  Michelle  Collins,  a  consultant 
with  HR  Development  in  Dallas,  advises 
that  reviewers  answer  questions  about  their 
observations,  such  as  a  manager’s  ability 
to  meet  deadlines  or  follow  through  on 
Continued  on  Page  28 


“I  LOVE  PROGRESS;  IT’S  CHANGE  I  HATE.” 


-Paul  Saffo,  director  of  Institute  for  the  Future,  quoting  Mark  Twain  at  the  2001  CIO-100  Symposium  in  San  Diego 
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ILLUSTRATION  BY  RUSS  WILLMS 


The  lowest  TCO 
in  the  storage  industry? 

EMC,  FYI. 


We’re  doing  more  than  anyone  else  in  the  industry  to  lower  the 
Total  Cost  of  Ownership  of  storage  infrastructure. 


To  see  actual  case  studies  that  show  how  we’re  accomplishing 
that,  check  out  www.EMC.com/showme 


EMC2 

where  information  lives 


trendlines 


USER  RELATIONS 

Blue  Monday 


Reviews  in  the  Round 

Continued  from  Page  26 


A  RECENT  SURVEY  of  86  IT  man¬ 
agers  conducted  by  support  automation 
software  company  Support.com  of 
Redwood  City,  Calif.,  revealed  that  80 
percent  of  IT  staff  hates  Mondays.  While 
it  may  be  that  a  large  percentage  of  any 
staff  has  some  Monday  aversion,  for  IT 
workers  it's  more  than  just  readjustment 
from  the  weekend.  It  turns  out  that  on 
Mondays  IS  staffers  get  the  highest 
number  of  support  calls  from  users 
regarding  PC  and  application  problems. 
Other  support  inquiries  tend  to  be 
spread  out  over  the  week,  the  survey 
reports.  Nonetheless,  6  percent  of  IT 
support  staff  cites  “every  day”  as  the 
worst  day  for  IT  queries. 


requests.  They  should  think  back  over 
the  entire  year  rather  than  an  incident 
that  happened  one  time. 

“The  feedback  should  always  be 
about  individual  and  business  perform¬ 
ance,”  says  Richard  Lepsinger,  a  part¬ 
ner  with  Right  Consulting  in  Stamford, 
Conn.  “It’s  not  just  that  nice  warm 
squishy  thing  of,  ‘Wouldn’t  it  be  nice 
to  know?’”  The  goal  for  the  boss  who’s 
being  reviewed,  he  says,  should  be  to 
enhance  his  performance  so  all  of  you 
can  enhance  the  business’s  perform¬ 
ance.  To  make  this  work,  it’s  impor¬ 
tant  to  review  how  the  manager’s  per¬ 
sonal  goals  tie  into  the  company’s  long¬ 
term  strategy. 

Bosses  should  acknowledge  the  re¬ 


ceipt  of  results.  Collins  advises  man¬ 
agers  to  get  their  teams  together,  thank 
them  for  the  feedback  and  tell  them 
what  they’ve  learned.  According  to 
Dalton,  a  boss  makes  herself  publicly 
accountable  if  she  explains  what  she’s 
working  on  based  on  the  reviews. 
“People  who  do  that  consistently  show 
improvement  on  subsequent  ratings,” 
she  says. 

feedback _ 

Responses  or  ideas  for  Trendlines? 

E-mail  Departments  Editor  Sandy 

Kendall  at  skendall@cio.com. 


Maynard  B 


Y  DARRIN  BELL  AND  THERON  HEIR 


m'T  M  TO  l&M£  M 

mmmwk,  boosting, 
mpete-m  if  it  m  ai  m 
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BOW  To  Be  A  ue? 
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Infonet  offers  multinationals 
global  communications  that  are  snag-free. 

Infonet  has  recently  received  the  prestigious  WCA  Awards  for  Best  Customer 
Care  and  Best  Carrier.  But  to  those  of  you  who  know  us,  that  should  come  as  no 
surprise.  Infonet’s  global  communications  solutions  are  customized,  innovative, 
reliable,  secure,  cost-effective.  And  fully  managed  end-to-end  over  our  global 
multiservice  network.  Infonet  offers  local  support  in  more  than  60  countries  and 
connections  in  over  180.  You  get  snag-free  services  that  let  your  business 
run  as  smooth  as  silk.  Global  communications  services  for  multinationals. 


jnfnnof 

www.infonet.com 


Europe  —  Middle  East  —  Attica  +  32  2  627  39  11  Asia  Pacific  +  65  838  5215  North  America  +  1  310  335  2600  Latin  America  +  56  2  368  9400 
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By  Lorraine 
Cosgrove  Ware 


Retain  Your  Top  IT 

CIO's  July  2001  survey  of  176  IT  pro¬ 
fessionals  shows  that  while  the  IT  staffing 
crunch  has  eased  in  2001,  some  skills 
remain  in  short  supply  and  retention  is 
still  a  big  concern.  Maria  Schafer,  pro¬ 
gram  director  at  Meta  Group,  suggests 
that  companies  develop  competencies  in 
human  capital  management — defined  as 
all  the  processes  that  are  needed  to  lever¬ 
age  talent  in  the  organization — to  meet 
staffing  and  skill  management  challenges. 


Talent 


CIO  RESEARCH 


Keep  the  Staff  You  Have 

This  year,  your  IT  staff  members  are  more 
likely  to  stay  put. 

Q:  Is  your  company  experiencing 
difficulty  retaining  IT  staff? 


2000  2001 


IT  Skills  Are  in  Demand 

While  companies  continue  the  search  for  skilled  IT  staff,  those  staffers  with  an  application 
development  background  are  most  desired. 

Q:  What  IT  skills  are  currently  most  in  demand  in  your  organization?  (Select  top  three  skills.) 


65.9% 


Application 

development 


47.7% 


Website 

development 


54.5% 


Database 

management 


42.6% 


Networking 


267%_ 

Help  desk/ 
user  support 


17.6% 


Staff  Versus  Skilled  Staff 

There  are  plenty  of  applicants  for  the  job,  but  in  2001  we’re  still  experiencing  a  skills  crisis. 

Q:  In  your  opinion,  is  there  an  IT  staffing  crisis  or  an  IT  skills  crisis? 


Staffing  crisis 

(not  enough  job 
applicants) 


Skills  crisis  (enough 
applicants,  but  not 
the  right  skills) 


Both  a  staffing  crisis 
and  a  skills  crisis 


Neither 
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“In  2001,  CIOs  are 
being  asked  to  main¬ 
tain  and  expand  their 
services  with  less 
resources,  which  puts 
greater  demands  on 
a  department  where 
the  burnout  factor 
was  already  high.” 

-Maria  Schafer,  program  director  at 
Meta  Group's  Executive  Services 


Best  Practices 

1  •  Create  a  structure  that  derives  the 
most  value  from  your  staff.  “Most  com¬ 
panies  don’t  have  a  human  capital  man¬ 
agement  process;  it’s  more  like  crisis 
management,”  says  Schafer.  Organiza¬ 
tions  need  a  holistic  approach  that  links 
processes  like  hiring  and  recognition, 
performance  reviews,  resource  manage¬ 
ment,  budgets  and  skills. 

2  •  The  CIO  cannot  do  this  all  alone. 

Form  a  strategic  relationship  with  FIR 
to  educate  them  on  what  IT  requires, 
and  align  hiring  and  business  needs. 
Ideally,  a  company  should  have  a  dedi¬ 
cated  HR  person  who  understands  IT 
to  develop  job  descriptions,  incentive 
and  retention  programs.  “CIOs  tend  to 
be  very  focused  on  technology  when 
increasingly  it  is  not  technology  alone 
that  makes  a  good  product.  It’s  aware¬ 
ness  of  the  business  needs  and  commu¬ 
nication  skills,”  Schafer  says. 

3  •  Keeping  talent  isn’t  always  about 
money.  CIOs  don’t  necessarily  need  to 
get  more  creative  in  their  retention 
strategies,  they  need  to  be  more  aware 
of  the  mood,  workload  and  personal 
priorities  of  their  staff  and  have  a  multi¬ 
plicity  of  incentives  in  place  like  train¬ 
ing  and  recognition. 

Suggest  future  topics  to 

numbers@cio.com. 
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The  Truth  About  Web  Services 


IONA  Live  Video  Webcast  Series 


Call  it  a  groundswell.  Call  it  a  revolution.  Web  Services  are  the  future  of  application  integration— and  will 
give  rise  to  the  next  generation  of  B2B,  Enterprise  Application,  and  Business  Process  Management  solutions. 

Starting  September  20,  2001,  IONA  will  present  a  weekly  series  of  live  video  webcasts  on  Web  Services.  The  sessions  will 
be  educational  presentations  by  members  of  lONA's  team  of  experts. 


Topics  include: 

•  Web  Services  for 
Enterprise  Integration 

•  Business  Collaboration 
and  Web  Services 

•  Infrastructure  for  Web  Services 

•  Java,  J2EE,  and  Web  Services 

•  ebXML  and  Web  Services 

•  Preparing  Your  Enterprise 
for  Web  Services 


Bridging  Microsoft  .NET  and 
Java  Web  Services 

RosettaNet  and  Web  Services 

EDI  and  Web  Services 

Web  Services  Standards  Evolution 

Architecting  Web  Services 

Web  Services  and 
Component  Technologies 


Speakers  include: 

David  Frankel 

Chief  Consulting  Architect 

Klaus-Dieter  Naujok 

Chief  Scientific  Officer 
Chair  of  ebXML 

Eric  Newcomer 

VP,  B2Bi  Product  Development 
Chair  of  the  OTS  RTF 

Michael  Rosen 

Chief  Enterprise  Architect 

John  Rymer 

VP,  Product  Marketing 

Founding  analyst  of  Giga  Information  Group 


Steve  Vinoski 

Chief  Architect  and  VP,  Platform  Technologies 
Co-author  of  "Advanced  CORBA  Programming 
with  C++" 


Media  Sponsors: 


WEEK  World 
WebServices  ^jjjpJURNAL 


CIO 


Corporate  Sponsors: 


Register  online  at 

www.iona.com/ws-webcasts 


IONA 


Total  Business  Integration™ 
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Code  for  Cash 


By  Daniel  J.  H organ 


TOURNAMENT  FEVER  is  on  the  rise  again, 
but  for  this  particular  sport,  game  play  takes 
place  not  on  the  court  but  rather  within  the 
digits  of  computer  code.  Competition  is  driven 
by  the  mental  agility  of  the  players  who, 
despite  their  big-league  abilities,  promise  to 
stick  around  for  their  senior  year. 

At  TopCoder.com,  a  Glastonbury,  Conn.- 
based  coding  competition  company,  program¬ 
mers  participate  in  semiweekly  online  pro¬ 
gramming  competitions  for  cash  and,  if  lucky, 
qualify  for  the  big  dance  at  either  of  the  two 
major  annual  tournaments.  The  TopCoder 
Collegiate  Challenge  premiered  in  June  and 
lent  center  stage  to  the  younger  hotshots.  The 
TopCoder  Invitational  Tournament,  which  is 
open  to  all  members  of  the  growing  TopCoder 
community,  will  bring  together  16  semifinal¬ 
ists  (out  of  256  qualifiers)  on  Nov.  2  and  3 
at  the  Foxwoods  Resort  and  Casino  in 
Mashantucket,  Conn.,  to  compete  for  a 
$250,000  purse. 

At  Foxwoods,  semifinal  competitions  will 
pit  four  programmers  against  one  another. 
They  must  create  a  code  to  satisfy  an  assigned 
scenario  within  a  75-minute  time  limit. 
Contestants  then  spend  15  minutes  in  the  chal¬ 
lenge  phase  scanning  opponents’  codes,  high¬ 
lighting  any  flaws  in  an  attempt  to  oust  their 
rivals.  Winners  of  each  round  advance  to  the 
finals  in  the  tournament  championship.  Jason 
Woolever,  former  MIT  grad  student  and  reign¬ 
ing  Collegiate  Challenge  champ,  banked 
$100,000  for  his  clutch  performance  last  June 


in  San  Francisco.  He’s  now  a  senior  research 
and  development  engineer  for  Synopsys  in 
Sunnyvale,  Calif. 

Been  fantasizing  about  drafting  a  super- 
star  such  as  Woolever  onto  your  IT  squad? 
Companies  can  either  post  jobs  at  www.top 
coder.com  or  take  advantage  of  a  match¬ 
maker-style  hiring  program  in  which 
TopCoder  fetches  a  qualified  programmer 
from  the  member  community  based  on  a 
company’s  demands.  Also  useful  is  a  com¬ 
plex  rating  system  that  distinguishes  one 
coder  from  another,  allowing 
employers  to  evaluate  and 
compare  potential  employees. 

“TopCoder  was  put  together 
to  differentiate  between  [pro¬ 
grammers],”  says  Jack  Hughes, 
founder  and  chairman.  “The 
programming  community  is 
not  homogeneous.” 


At  TopCoder's  Collegiate  Challenge 
last  June,  the  stage  was  set 
(center)  for  the  final  four  program¬ 
ming  competitors  (bottom)  to  vie 
for  the  cash  prize,  eventually  won 
by  Jason  Woolever  (top). 


“When  I  was  a  student  at  MIT  in  the  Al  lab,  supposedly  we  were  working 
on  knowledge  representation  and  natural  language,  but  all  the  students 
would  come  in  at  night  when  they  weren’t  supposed  to  and  work  on  all 
these  other  things,  games  and  programs....  All  the  stuff  we  weren’t 
supposed  to  be  doing  turned  into  important  business  things;  the  things 
we  were  supposed  to  be  doing  are  still  just  academic  papers.  It’s  worth 
tapping  in  to  the  troublemakers.” 

-Danny  Hillis,  cochairman  and  chief  technology  officer  of  Applied  Minds,  at  the  2001  CIO-100  Symposium  in  San  Diego 
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transport 


Introducing  Sprint  E|Solutionsf"  Engineered  to  find  the 
quickest  delivery  route  for  your  data  anywhere  in  the 
world,  the  Sprint  Tier  1  Internet  backbone  simply  manages 
and  routes  information  better. 

Better  information  management  means  that  every  aspect 
of  your  business  moves  faster  and  more  smoothly  over 
our  network.  It  also  helps  account  for  our  record  as  one 
of  the  most  reliable  networks,  with  the  fewest  reportable 
network  outages  of  all  the  major  carriers  over  the  last 
four  years. 

That's  reliability  you  can  get  in  writing,  with  some  of  the 
most  comprehensive  Service  Level  Agreements  in  the 
industry  ensuring  that  your  Internet  connection  is  continuously 
up  and  performing. 

But  our  reliability  extends  beyond  the  realm  of  high 
performance.  We've  taken  extraordinary  precautions  to 


make  sure  your  business  always  operates  securely  over 
the  Sprint  network,  with  24/7  real-time  monitoring,  intrusion 
detection,  and  the  most  advanced  firewall  protection  available. 

We've  done  all  this  with  one  goal  in  mind:  to  make  sure  that 
nothing  comes  between  your  business  and  your  customers. 


company's  future,  consider  the  case  for 
entrusting  your  E-business  to  us: 


Call  1  866  331-7888  for  our  essential  guide. 

sprintesolutions.com/proof 


IP  VPN  •  Remote  Access  •  Hosting  •  Managed  Security  •  Managed  Services  •  Collaboration  Tools  •  Consulting 


Sprint  Evolutions 


Copyright  ©  Sprint  2001.  All  rights  reserved.  Sprint,  the  diamond  logo,  and  Sprint  Evolutions  are  trademarks  of  Sprint  Communications  Company  L.P. 


On  the  Move 


Compiled  by 
Lauren  Capotosto 


Blockbuster  Looks  to  IT  for 
Box-Office  Success 


A  YEAR  AGO,  industry  analysts  pre¬ 
dicted  that  video-on-demand  systems 
would  put  rental  chains  out  of  business. 
And  Hollywood  film  studios  have  made 
their  own  noise  about  ushering  in  the  age 
of  direct-to-consumer  video-on-demand. 
To  protect  its  turf,  Dallas-based  Block¬ 
buster  has  appointed  a  new  CIO  to  bolster 
corporate  IT  systems  and  prepare  the 
video  rental  chain  to  ride  the  wave  of 
emerging  technologies. 

With  his  30  years  of  IT  experience,  Glenn 
Thistlethwaite,  Blockbuster’s  new  CIO,  is 
determined  to  help  the  $5  billion  company 
remain  the  country’s  largest  video  rental 
chain.  Blockbuster  has  the  technology  to 
deliver  video-on-demand  and  the  partner¬ 
ships  to  guarantee  itself  a  leading  position 
when  that  marketplace  explodes,  Thistle¬ 


thwaite  says  (although  Blockbuster’s  video- 
on-demand  projects  are  under  the  auspices 
of  the  company’s  new  media  division,  not 
Thistlethwaite’s  IT  organization). 

In  the  meantime,  Thistlethwaite  is 
charged  with  improving  the  company’s 
services  to  customers  through  IT.  His 
immediate  plan  is  to  transform  the  300- 
person  IT  department  from  a  technology- 
focused  group  to  a  business-focused — and 
customer-focused — department.  “We  need 
people  to  have  a  business  perspective,  and 
you  can’t  do  that  if  all  you  understand  is 
bits,  bytes  and  networks,”  Thistlethwaite 
says.  He  also  plans  a  radically  different 
approach  to  implementing  business 
solutions.  With  few  applications  available 
for  “rentailers,”  Blockbuster  has  designed 
its  own  applications  since  1985.  But 


Player  s  Guide 


Minster  Joins  Yurman  Designs  as  CIO 

David  A.  Minster,  former  vice  president  and  CIO 
of  the  Elizabeth  Arden  Co.,  has  joined  New  York 
City-based  Yurman  Designs  as  vice  president  and 
CIO  of  the  fine  jewelry  company.  He  is  responsi¬ 
ble  for  management  of  all  global  information  sys¬ 
tems,  including  e-business.  This  is  a  newly  cre¬ 
ated  position  at  Yurman. 


Other  Moves 

Tanya  Dins  has  been  appointed  CIO  at  Kana,  a 
Menlo  Park,  Calif.-based  vendor  of  eCRM  products. 

Merrill  E.  Feldman  was  recently  named  chief 
enterprise  information  officer  (CEIO)  at  Ion 
Systems,  a  Berkeley,  Calif.-based  supplier  of  elec¬ 
trostatics  management  solutions. 


Gelb  Named  CIO  at  National  Grange 
Insurance 

Joel  Gelb,  former  senior  vice  president  and  CIO  at 
Frontier  Insurance  Group,  has  joined  National 
Grange  Insurance  Co.  as  vice  president  and  CIO 
of  the  Keene,  N.H.,  enterprise.  He  has  extensive 
experience  in  technology  and  insurance  informa¬ 
tion  systems  management. 


Larry  Godec,  former  CIO  of  First  American  Real 
Estate  Tax  Service,  has  been  named  CIO  of  First 
American  Title  Insurance  Co.  in  Santa  Ana,  Calif. 

Lee-Tyler  Mun,  former  CIO  of  Realnames,  has 
joined  Nuance  as  vice  president  and  CIO  of  the 
Menlo  Park,  Calif.-based  vendor  of  voice  Web 
software. 


Thistlethwaite  will  now  integrate  off-the- 
shelf  applications  wherever  possible.  The 
less  the  company  needs  to  customize,  the 
better,  he  says.  Purchasing  off-the-shelf 
applications  like  warehouse  management 
and  labor  scheduling  apps  will  save 
money,  and  speed  the  delivery  of  services 
to  customers. 

Thistlethwaite  was  a  consultant  for 
Price waterhouseCoopers  prior  to  joining 
Blockbuster.  In  that  role,  he  advised 
Blockbuster  CFO  Larry  Zine,  who  had 
assumed  the  IT  executive  role  when  the 
company’s  previous  CIO  retired  in  the 
spring.  Thistlethwaite  completed  an  orga¬ 
nizationwide  IT  assessment  for  Block¬ 
buster  as  its  IT  consultant. 


Will  Smith,  former  vice  president  and  CIO  at 
WRQ,  has  joined  NetlQ  as  vice  president  of  world¬ 
wide  IT  for  the  San  Jose,  Calif.-based  vendor  of 
e-business  infrastructure  management  software. 
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/  guess  your 
development 
team  hasn  *t 
heard  of 
TogetherSoft ! 


Your  developers  don't  have  to  work  all  night;  and  you  don't  have  to  wait  all  night 

A  staggering  84%  of  software  projects  come  in  late  and  over  budget.  Avoid  being  a  part  of  that  statistic. 
Empower  your  teams  and  cut  your  development  time  in  half  with  Together®  ControlCenter ™. 

Download  Together  ControlCenter  today  and  experience  it  for  yourself.  For  a  special  extended 
eval  period,  30  days  instead  of  our  usual  15,  use  this  URL:  www.togethersoft.com/cio4.html 


For  more  information  Tel  (919)  833-5550 

900  Main  Campus  Drive,  Suite  500,  Raleigh,  NC  27606  USA 


Improving  the  ways  people  work  together 


©2001  TogetherSoft  Corporation.  All  rights  reserved.  Patents  pending.  TogetherSoft,  the  TogetherSoft  Logo,  Together  ControlCenter,  and  Improving  the  ways  people  work  together  are  trademarks  or 
registered^ trademarks  of  TogetherSoft  Corporation. 


The  application’s  up 
It’s  down. 

It’s  up. 

It’s  down. 

It’s  up. 

It’s  u...down. 


Inc. 


What  is  the  user's 
reaction  to  your 
web  applications? 


The  dependence  of  companies  on  complex  web-enabled 
applications  has  grown  beyond  anything  imagined  only  a 
few  years  ago.  Which  has  led  to  the  need  for  Tonic. 

The  ability  to  identify  a  potential  web  application 
problem  before  your  users  do.  Then  move  a  step 
beyond  real-time  monitoring  to  trace  the  root-cause 
and  take  automated  corrective  action  -  ensures  a 
positive  user  experience.  And  makes  the  challenge 
of  managing  web-enabled  applications  far  less 
daunting.  Even  predictable. 

Easy  to  use  with  immediate  results. 

Let  us  prove  it.  Visit  www.tonic.com/trial  to  qualify  for  a 
free  30-day  trial  of  Tonic. 


TONIC 


Total  Leadership 


Look  Before 
You  Leap 

If  you’re  contemplating  taking  a  new  job, 
first  assess  the  lay  of  the  land 

BY  CHRISTOPHER  HOENIG 

WHEN  YOU  TAKE  A  NEW  CIO  JOB  or  similar  executive  position,  what 
can  you  do  right  off  to  give  yourself  the  greatest  chance  of 
success?  That’s  one  of  the  questions  I  get  asked  most  frequently. 

There’s  no  doubt  that  the  most  successful  CIOs  take  the 
time  to  assess  the  lay  of  the  land  before  digging  in  to  a  new 
job.  That  means  working  through  progressively  deeper  levels 
of  understanding  and  commitment  as  you  move  from  investi¬ 
gation  of  your  choices  to  contract  negotiation  to  those  first 
months  on  the  job.  Here’s  the  best  of  what  I’ve  learned. 

Your  Starting  Point 

Before  you  take  any  new  job,  you  must  understand  where  you’ll 
be  starting.  That  means  getting  a  good  view  of  all  the  different 
elements  that  can  have  an  impact  on  you. 

Industry  and  market  dynamics.  Having  experience  in  an 
industry  or  sector  doesn’t  necessarily  mean  you’ve  taken  a  step 
back  to  analyze  the  macroeconomic  trends  (is  it  mature  or 
developing?),  market  dynamics  (what  is  the  competitive  situa¬ 
tion?)  and  structural  trends  (are  there  likely  to  be  major  tech¬ 
nological  or  regulatory  disruptions?).  As  the  past  year  has 


shown,  these  dynamics  can  have  a  huge  effect  on  your  success. 

The  enterprise.  Many  CIOs  neglect  to  assess  the  overall 
business.  What  is  the  history  and  current  financial  picture? 
What  is  in  the  current  investment  portfolio,  including  not  just 
technology  projects  but  also  business  projects?  How  mature 
are  the  company’s  business  and  management  processes?  Don’t 
forget  to  ask  for  any  recent  independent  reports  or  analyses. 

The  people.  In  considering  your  potential  colleagues,  assess 
not  only  their  leadership  abilities,  style,  character,  competence  and 
chemistry  but  also  their  track  record  and  likelihood  of  staying. 
I’ve  heard  countless  stories  of  people  unhappy  with  their  jobs 
because  they  joined  the  company  excited  about  working  with  a 
particular  person,  only  to  have  him  leave  soon  after.  Look  key 
people  in  the  eye  and  ask  them  point  blank  what  their  plans  are. 

The  job.  I  believe  in  not  only  knowing  a  position’s  history 
but  also  viewing  its  description  as  a  rough  draft  that  can  be 
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THE  BOOK  0  F  @  BUSINESS 


DATA  STORAGE  IS  NO  LONGER 
THE  SILENT  PARTNER . 


IT’S  THE  ONE  SCREAMING  FOR  YOUR  ATTENTION. 


DATA  IS  NOW  DOUBLING  every  eight  months. 
Which  means  your  storage  system  is  probably  bursting 
at  the  seams.  Raw  storage  capacity  is  not  the  answer. 
Comprehensive  storage  management  is. 

IBM  and  its  Business  Partners  offer  a  full  range 
of  storage  solutions  that  are  interoperable,  based  on 
open  standards  and  designed  to  work  across  your  entire 
IT  infrastructure. 

IBM  SANs  are  the  foundation,  grouping  storage 
systems  on  a  dedicated  high-speed  network.  The  new 
IBM  TotalStorage™  NAS  300G  series  cost-effectively 
integrates  NAS  and  SAN  solutions  throughout  your 


enterprise.  Tivoli’ storage  management  software  can 
help  you  realize  the  full  potential  of  your  storage 
network.  And  IBM’s  Enterprise  Storage  Server™  is  one 
of  the  most  powerful  storage  devices  on  the  planet.  Its 
latest  enhancements  virtually  eliminate  the  need  to 
shut  down  when  restoring  or  backing  up. 

It  sounds  complicated.  But  IBM  has  helped  thousands 
of  companies  with  everything  from  storage  strategy  to 
implementation.  And  we  can  help  you  too.  For  details  of 
IBM  products,  services  or  our  great  financing  options, 
simply  call  800  426  7777  (ask  for  Storage  Solutions)  or 
visit  ibm.com/storage/totalsolutions2 
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Total  Leadership 


edited  during  a  period  of  negotiation.  Think  about  how  the  posi¬ 
tion  has  changed  over  time  and  the  people  who  have  had  it,  as 
well  as  those  who  may  want  it  now.  What  are  the  scope,  the 
reporting  relationships  and  the  unwritten  expectations? 

The  setting.  Take  into  account  everything  from  your  physical 


location  and  travel  expectations  to  your  office,  support  and  tech¬ 
nology  needs.  Nothing’s  too  small  to  get  right  from  the  start. 

Your  Destination 

The  second  aspect  of  getting  the  lay  of  the  land  involves  defin¬ 
ing  what  you’re  going  to  be  confronting. 

Problems  and  opportunities.  In  most  organizations,  there 
are  too  many  opinions,  too  few  facts  and  multiple  points  of 
view.  You’ll  need  to  make  your  own  assessment.  Then  judge 
the  probability  of  getting  collective  buy-in  on  a  direction.  I’ve 
seen  companies  and  good  CIOs  waste  years  solving  the  wrong 


problems  and  trying  unsuccessfully  to  redefine  them. 

Success  and  failure.  The  next  task  is  to  define  success  or  failure 
specifically  enough  so  that  the  key  players  all  can  agree.  Central 
considerations  will  be  the  specificity  of  your  destination,  how 
fast  you  have  to  get  there,  what  risks  you  can  take  and  what 
resource  constraints  you’ll  be  operating  under. 

Strategies  and  tactics.  Aligning  goals  and 
defining  success  won’t  help  you  if  there  isn’t 
a  common  view  of  strategies  and  tactics  for 
which  route  to  take.  Many  of  them  may  be 
written  in  a  strategic  plan.  Few  will  be  effec¬ 
tively  translated  into  the  realities  of  execution.  It  will  be  vital 
for  you  to  get  a  sense  of  the  organization’s  capacity  for  formu¬ 
lating  and  executing  strategy  well. 

Blind  spots  and  biases.  Probe  unmercifully  for  sacred  cows, 
sludge  projects,  unwritten  rules,  cultural  dark  sides  and  any 
other  things  that  might  jump  out  of  the  closet  at  you  to  make 
your  life  miserable  and  your  job  impossible. 

Time.  One  of  the  hardest  things  to  get  a  sense  of  during 
interviews  is  the  timing  and  rhythm  of  work.  What  shot  clocks 
are  running?  Where  are  the  long  lead  times  that  haven’t  been 
thought  about?  It’s  vital  to  obtain  clear  expectations  from  the 


Make  sure  you  know  how  much  time— and  how 
often— you’ll  have  to  meet  with  your  CEO. 


Call  1-800-OK-CANON  ext.  50orvisitwww.imagerunner.com 


A  box  that  delivers 
paper  documents 
anywhere  overnight? 


Introducing  the  Canon  imageRUNNER  with  document  distribution  technology.  Now  you  can  sent 
paper  documents  anywhere,  in  any  form,  at  anytime,  right  overyour  networkor  the  internet.  Instantaneously.  Simph 
scan  a  document  into  the  imageRUNNER  5000,  and  you  can  send  it  to  any  desktop,  e-mail  address,  fax  machine 
database  or  file  server.  And  since  the  Canon  imageRUNNER  is  capable  of  integrating  directly  with  your  existing 
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Overnight 
Delivery 


*  Requires  additional  software  which  is  sold  separately.  Speak  to  your  authorized  Canon  dealer. 

Canon  is  a  registered  trademark  and  IMAGERUNNER  and  Canon  Know  How  are  trademarks  of  Canon  Inc.  IMAGEANYWARE  is  a  service  mark  of  Canon  U.S.A.,  Inc.  ©2001  Canon  U.S.A.,  Inc 


top  about  any  areas  where  time  pressure  is  significant.  I  know 
one  executive  who  found  himself  in  a  job  with  a  hidden  key 
project  failure  that  absorbed  nearly  all  of  his  time  for  the  first 
year.  By  then,  he  had  lost  credibility  as  well  as  all  his  energy. 

Full  Steam  Ahead 

Now  how  do  you  get  the  job  done?  The  devil  is  in  the  details, 
but  you  won’t  have  the  leverage  to  negotiate  them  once  you’ve 
signed  a  deal.  So  make  sure  you  get  them  right  beforehand. 

Assets.  The  practical  details  start  with  your  budget  and 
other  key  resources.  The  best  advice  I’ve  heard  is  to  get  a  budget 
bigger  than  you  need,  if  at  all  possible;  that  way  you  can  give 
some  of  it  away  during  the  early  part  of  your  tenure,  thereby 
enhancing  your  position  and  relationships  with  peers. 

Control.  Clearly  understand  your  authority  and  accounta¬ 
bility:  where  it  is  sole  and  where  it  is  collective.  In  collective 
situations,  what  is  your  position  and  degree  of  power?  Also, 
don’t  forget  to  anticipate  changes  of  control  and  get  terms  in 
your  contract  that  give  you  freedom  and  protect  your  assets. 
Finally,  control  is  just  as  important  in  your  eventual  exit. 
Anticipate  all  scenarios  and  provide  for  them  before  you  start. 

People.  If  the  existing  staff  isn’t  up  to  the  issues  you’ll  be 


tackling,  you’ll  need  to  get  the  time,  resources  and  approval — 
up  front — to  bring  in  a  new  team. 

Access.  Make  sure  you  know  how  much  time — and  how 
often — you’ll  have  to  meet  with  your  CEO.  Identify  other  lead¬ 
ers  you’ll  need  access  to  and  try  to  get  agreements  there  as  well. 

Compensation.  Finally,  make  sure  you’re  taken  care  of  in 
salary,  benefits,  performance  bonuses,  equity,  severance  bene¬ 
fits  and  other  sweeteners.  If  you’ve  never  done  so,  ask  a  qual¬ 
ity  attorney  or  CIO  acquaintance  to  share  some  of  the  best 
contracts  or  agreements  they’ve  seen. 

No  matter  where  you  are  in  your  career,  the  problems  you 
face  in  a  new  position  will  be  tough  enough,  so  give  yourself 
the  best  possible  chance  of  success  before  you  start,  uni 


How  do  you  assess  the  lay  of  the  land?  Let  us  know  at  leadership@cio.com. 
Christopher  Hoenig  has  been  an  entrepreneur,  government  executive, 
consultant  (McKinsey  &  Co.)  and  inventor,  and  is  the 
author  of  The  Problem  Solving  Journey:  Your  Guide  to 
Making  Decisions  and  Getting  Results  (Perseus 
Publishing,  2000).  He  is  now  chairman  and  CEO  of 
Exolve  in  Washington,  D.C.,  focusing  on  next-generation 
Web-based  problem  solving. 
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Or  a  box  that 
delivers  them  instantly 
over  the  internet? 


mail,  lanfax,  and  document  management  software,  you  can  maximize 
)ur  investment  in  these  systems1?  The  cost  and  hassle  of  overnight 
^livery  are  finally  over.  At  Canon,  we’re  giving  people  the  know-how 
i  make  paper  documents  work  in  an  internet  world. 
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Charging  into  Europe 

Credit  card  maestro  Capital  One  has  built  an  independent  beachhead  in  Britain 
and  is  planning  its  channel  crossing  BY  MALCOLM  WHEATLEY 


CAPITAL  ONE  FINANCIAL  OF  FALLS  CHURCH, 
Va.,  has  built  an  entire  business  on  the  savvy  use 
of  information  technology.  In  the  U.S.  market, 
sophisticated  software  tools — many  of  them  devel¬ 
oped  in-house — trawl  terabytes  of  demographic 
data,  looking  for  consumers  to  target  with  finely 
judged  offers  of  credit,  each  offer  complete  with  cus¬ 
tomized  interest  rates,  conditions  and  fees.  In  con¬ 
trast  to  the  scattergun  approach  adopted  by  most 
of  its  competitors,  Capital  One  has  long  trumpeted 
what  it  terms  its  “information-based  strategy”  to 


credit  rating  and  product  development. 

Most  recently,  Capital  One’s  proprietary  data- 
mining  and  credit-rating  tools  have  been  deployed 
to  identify  profitable  borrowers,  or  “super  prime” 
consumers,  who  are  smart  enough  to  see  through 
the  introductory  teaser  rates  offered  by  other  credit 
card  issuers  bombarding  their  mailboxes,  yet  still 
want  a  better  deal  than  they  were  getting  from  their 
mainstream  card  issuer. 

Enter  Catherine  Doran,  CIO  of  London-based 
Capital  One  Bank  Europe.  Her  mission:  First,  pull 


Edited  by  Contributing 
Editor  Malcolm 
Wheatley.  Send  your 
views  and  ideas  on 
global  business  to  him 
at  passport@cio.com. 


lital  One  Bank  Europe  CIO 
herine  Doran  contends  with 
tinental  differences  in  data  usage. 
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"Nokia  led  the  parade. ..in  the  firewall/VPN  security  appliance  market." 

— I  DC,  June  2001 


"Closer  to  high-availability  nirvana  than  any." 

—Network  World,  December  11,  2000 


"The  Nokia  IP530  is  truly  the  best-of-breed  platform  in  the  firewall  market." 

-Information  Security  Magazine,  September  2001 


"A  formula  for  earning  our  Editors'  Choice." 

—PC  Magazine,  September  25,  2001 


"Easy  to  install  and,  more  important,  easy  to  restore." 

-Network  Computing,  May  14,  2001 
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You  don’t  have  to  take  our  word  for  it.  Nokia  firewalls  and  VPNs  are  the  preferred  choice  of  IT  departments  and 
third-party  reviewers  everywhere.  To  find  out  more,  visit  us  at  www.nokia.com/internet/na.  Welcome  to  the  real  world. 
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off  the  same  locate-and-lure  trick  with 
European  consumers  and  then  repeat  the 
performance  on  the  global  stage.  It’s  a 
peculiar  challenge,  she  admits.  Clearly,  the 
European  offshoot  can’t  stray  too  far  from 
Capital  One’s  highly  public  commitment 
to  its  tried-and-tested  information-based 
strategy  without  making  investors  nervous. 
But  how  do  you  go  about  applying  an 
information-based  strategy  when,  for 
example,  the  information  you  need  either 
doesn’t  exist  or  is  protected  by  tough 
European  data  privacy  laws? 

“Cautiously,”  says  Doran,  with  an  Irish 
lilt  that  betrays  her  origin.  Capital  One 
took  little  risk  by  launching  its  first  global 
foray  in  the  United  Kingdom  in  1996.  It 
was  the  European  country  closest  to  the 
United  States  in  terms  of  credit  card  usage, 
availability  of  demographic  data  and  good, 
consistent  credit-rating  information — with 
several  credit  bureaus  (France,  by  contrast, 
doesn’t  have  any),  credit  data  cross-refer¬ 
enced  to  the  electoral  roll  (illegal  in  some 
countries),  and  both  positive  and  negative 
data  available  (some  countries  allow  only 
certain  categories  of  data  to  be  stored). 

Initially,  Doran  says,  the  IT  function  was 
outsourced  to  the  Bank  of  Scotland,  a 
move  that  both  reduced  risks  and  setup 
costs,  while  speeding  time-to-market. 

That  was  always  a  short-term  measure, 
though,  because  Capital  One’s  informa- 


you’ve  outsourced  that  capability,  you’re 
at  the  mercy  of  other  people’s  prioritiza¬ 
tion  decisions,”  she  says.  “We  needed  to 
become  masters  of  our  own  destiny.” 

Backed  by  the  stream  of  new  products 
tailored  to  U.K.  consumers,  Capital  One’s 
soft  approach  to  globalization  has  paid  off. 
The  U.K.  business  currently  employs  2,400 
people,  split  between  London  and  an  oper¬ 
ations  center  in  Nottingham,  and  boasts 
more  than  2  million  customers — not  bad 
from  a  standing  start. 

Independent  Operations 

Doran  and  her  senior  subordinates  remain 
in  close  touch  with  their  counterparts  at 
headquarters — particularly  in  areas  where 
the  American  market  is  more  mature.  In 
the  e-commerce  arena,  for  example,  Doran 
happily  admits  to  “shamelessly  exploiting 
the  learning  that  the  U.S.  [operation]  has 
made  regarding  design  and  middleware.” 

Despite  this,  the  U.K.  operation  is  defi¬ 
nitely  not  a  clone  of  what  exists  in  the 
United  States.  “It’s  easier  to  list  the  overlaps 
with  the  U.S.  than  the  differences,  because 
it  is  a  completely  independent  infrastruc¬ 
ture,”  she  says.  “We  certainly  didn’t  take 
code  from  the  U.S.,  stick  it  on  a  tape  and 
implement  it  in  Nottingham.” 

In  part,  the  variations  are  attributable 
to  the  different  financial  and  legislative 
environments.  The  detection  of  fraud,  for 


The  European  offshoot  can’t  stray  too  far  from 
Capital  One’s  highly  public  commitment  to  its 
tried-and-tested  information-based  strategy 
without  making  investors  nervous. 

tion-based  strategy  calls  for  a  constant  example,  is  fundamentally  different  in  the 
stream  of  new  products  to  attract  cus-  United  States,  and  consequently  a  wholly 
tomers.  “When  you  must  respond  quickly  new  approach  had  to  be  taken  for  the 
to  changes  in  the  marketplace  and  when  United  Kingdom. 
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Capital  One  Bank  Europe 

The  Business:  Spun  off  from  Signet 
Bank  in  1995,  Capital  One  Bank  has 
since  become  one  of  the  top  10  bank 
card  issuers  in  the  United  States  and 
United  Kingdom  by  applying  smart  IT 
to  the  task  of  figuring  out  whom  to 
lend— and  not  lend— credit. 

The  Challenge:  Moving  from  a  well- 
understood  American  market  to  coun¬ 
tries  where  the  very  notion  of  credit 
cards  is  alien  and  the  data  the  busi¬ 
ness  needs  to  run  does  not  exist. 

The  Solution:  A  combination  of  cau¬ 
tious,  step-by-step  rollouts— using  sur¬ 
prising  amounts  of  custom  software— 
and  a  willingness  to  think  through  the 
practicalities  of  operating  in  foreign 
countries. 


Even  in  noncore  areas  of  the  U.K.  ven¬ 
ture,  systems  have  been  built  from  the 
ground  up,  rather  than  on  U.S.  founda¬ 
tions.  Vendors,  too,  are  not  always  stan¬ 
dard  between  the  countries.  “Obviously, 
there  will  be  areas  where  we  use  the  same 
vendors,  but  it’s  not  a  deciding  factor  in 
the  selection  decision,”  Doran  states. 

While  conceding  that  commonality 
remains  a  long-term  goal,  Doran  points  to 
several  reasons  why  aspiration  thus  far  falls 
short  of  reality — support,  for  example. 
“Some  of  the  [American]  solutions  have  no 
support  basis  in  Europe,  and  where  they 
underpin  business-critical  processes,  it’s 
unacceptable  to  wait  several  hours  for  an 
initial  response,”  she  says.  Cost  is  another 
factor.  “Many  of  the  applications  have 
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ANYONE  WORKING 

AT  YOUR  COMPANY  should  have 

their  head  examined. 


AD002 


How  else  can  you  be  sure  they  have  the  skills  to  do  the  job 
right?  If  knowledge  is  your  company’s  key  asset,  it  pays  to 
measure  it  with  Brainbench. 

As  the  leading  online  testing  provider,  we  validate  skills  in  over 
400  distinct  categories  for  such  companies  as  IBM,  PeopleSoft 
and  EDS.  Like  them,  you  can  gain  significant  competitive  and 
operational  advantages.  By  using  Brainbench  services  you  will: 

Win  bids  against  tough  competitors  by  proving  you  have 
the  best  team 

Improve  profitability  by  cutting  down  on  project  overruns 
and  mistakes 

Boost  workforce  performance  through  smarter  hiring, 
training  and  assignments 

Our  customers  say  that  those  companies  not  using  Brainbench 
online  skills  testing  should  probably  have  their  head  examined. 
So  why  not  take  a  moment  to  find  out  more  about  how  Brainbench 
can  help  keep  your  company  ahead  of  the  competition?  For  more 
information  about  our  services,  just  call  or  e-mail  us. 


7-4800  sales@brainbench.com  www.brainbench.com 
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Last  year  alone,  Brainbench  issued  over 
45%  of  all  IT  certifications.  This  makes 
Brainbench  the  leader  in  this  field.  Not 
surprisingly,  we  are  also  the  only  online 
certification  company  to  earn  the 
coveted  ISO  9001  certification. 
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been  heavily  customized  for  the  U.S.  mar¬ 
ket — in  respect  of  currency,  ZIP  codes  and 
so  on — making  them  inappropriate  for  the 
U.K.  market  and  often  not  economical  to 
transform.” 

Channel  Crossing 

Once  the  U.K.  operation  was  bedded  and 
delivering,  it  was  time  for  Doran  to  cast 
her  eyes  further  afield.  Following  trials  in 
France,  Capital  One  recently  launched 
operations  there.  Another  couple  of 
European  countries  should  go  live  during 
2002,  she  adds,  with  a  further  two  or  three 
going  the  following  year.  “As  we’ve  looked 
at  Europe,  we  haven’t  seen  a  single  formula 
for  how  we  should  go  into  a  country — it’s 
not  a  canteen  menu  but  more  of  an  a  la 
carte  approach,”  she  says. 

It’s  clear  that  Doran  anticipates  the 
European  rollout  with  relish.  That  was  the 
challenge  that  lured  her  from  a  top  IT  post 


Divided  We  Stand 

As  Winston  Churchill  famously 
observed,  Britain  and  America  “were 
two  countries  divided  by  a  common 
language."  The  folks  at  Capital  One 
doubtlessly  pondered  those  words  as 
they  set  up  shop  in  the  United 
Kingdom.  It's  not  just  the  fact  that 
there  are  different  regularity  authori¬ 
ties  but  also  different  reporting 
requirements  and  different  laws.  In 
the  United  Kingdom,  the  calculation 
of  penalty  charges  for  early  loan  ter¬ 
mination  needs  to  comply  with  the 
Rule  of  78,  an  industry  standard 
that's  not  used  in  the  United  States. 
Add  to  that  the  differences  in  data 
availability  and  the  stage  at  which 
companies  are  permitted  to  use  it, 
usury  laws  and  radically  different 
personal  bankruptcy  laws,  and  you 
see  what  Churchill  meant. 


with  Natwest  Bank,  one  of  the  United 
Kingdom’s  banking  giants.  There,  she  had 
1,500  employees  and  a  budget  of  110  mil¬ 
lion  pounds — whereas  at  Capital  One,  it 
is  just  300  staffers  and  a  budget  that, 


although  undisclosed,  is  likely  to  be  on  a 
similarly  reduced  scale.  “The  [Natwest] 
numbers  were  huge,”  she  says.  “But  the 
numbers  for  me  were  never  the  attraction: 
Instead,  it  was  the  excitement,  the  challenge 
and  that  butterflies  in  the  tummy  feeling  as 
you  did  something  new.” 

Another  difference  was  the  frustration 
stemming  from  the  very  nature  of  British 
retail  banking.  At  Natwest,  “we  were  tak¬ 
ing  processes  that  had  evolved  over  300 
years  and  were  attempting  to  apply  modern 
technology  to  move  things  forward,”  she 
says.  “Here,  there’s  much  more  of  a  blank 
sheet  of  paper.” 

A  mixed  blessing,  perhaps.  Not  all  con¬ 
tinental  Europeans  have  taken  to  credit 
cards  to  the  extent  that  British  and 
American  consumers  have — although  they 
still  borrow  money.  In  Germany,  auto 
loans  are  big  business,  while  French  con¬ 
sumers  increasingly  charge  le  shopping  to 
store  cards.  Doran  robustly  rejects  these 
facts  as  inauspicious.  She  characterizes  the 
market  as  one  of  latent  demand  rather 
than  no  demand.  “You  might  say  there’s 
no  demand — but  look  at  the  take-up  of 
mobile  telephones,  which  we  all  now  can’t 
live  without.” 

While  the  marketing  folks  tailor  their 
pitches,  Doran  is  wrestling  with  the  IT  prac¬ 


ticalities  of  entering  new  national  markets. 
Language  complexity  is  a  key  consideration 
when  it  comes  to  call  center  location,  for 
example.  “Do  you  have  one  call  center 
which  covers  all  of  mainland  Europe?  It 


might  make  sense  from  a  business  perspec¬ 
tive,  but  if  you  do  have  one  center,  you’ve 
got  to  have  fluent  Dutch,  German,  French 
and  Italian  speakers  in  sufficient  numbers 
and  located  in  the  same  place — which  is  an 
interesting  challenge,”  she  says.  The  final 
decision?  Geographically  dispersed  call  cen¬ 
ters,  rather  than  a  single  one. 

Countries  of  Origin 

Other  decisions  are  still  being  examined. 
In  which  country — or  countries — should 
statements  be  mailed?  Where  should  cards 
be  embossed?  And  mailings  sent  from? 
“Coming  in  as  an  outsider,  you  can  make 
a  lot  of  mistakes,”  says  Doran.  One  option 
under  consideration  is  to  partner  with 
European  companies  in  joint  ventures — an 
admission  indicative  of  the  challenges.  “We 
would  bring  our  information-based  strat¬ 
egy,  and  they  would  bring  their  local 
knowledge  and  access.” 

With  a  global — as  opposed  to  purely 
European — presence  for  Capital  One  still 
firmly  in  top  management’s  sights,  it’s  clear 
that  the  next  year  or  so  will  be  a  telling  one 
for  Capital  One’s  whole  global  strategy. 
Decisions  that  Doran  make  today  will  have 
consequences  that  reverberate  for  years.  For 
a  CIO  who  enjoys  the  sensation  of  intestinal 
butterflies,  it’s  just  about  the  perfect  job.  ■ 


a  As  we’ve  looked  at  Europe,  we  haven’t  seen 
a  single  formula  for  how  we  should  go  into  a 
country— it’s  not  a  canteen  menu  but  more  of 
an  a  la  carte  approach.  ff 

-CATHERINE  DORAN,  CIO,  CAPITAL  ONE  BANK  EUROPE 
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What  does  product 

development 
mean  to 
you? 


‘A  handheld  that  dazzles 

shareholders  as  much 
as  it  does  users  ” 


The  only  thing  better  than  delivering  a  breakthrough  product  is  doing  it  again.  That's  why  PTC 
solutions  for  Collaborative  Product  Development  are  designed  to  capture  the  best  thinking  of 
your  engineers,  suppliers,  and  customers.  PTC  is  the  world's  largest  software  company  with  a 
total  commitment  to  the  product  development  process.  Product  development  means  business- 
and  at  PTC,  it's  our  only  business.  1.888. PTC.3776  or  www.ptc.com 


Product  development  means  business." 


PTC 

Shaping  Innovation 


©2001  Parametric  Technology  Corporation.  PTC  and  its  logo  and  Product  Development  Means  Business  are  trademarks  or 
registered  trademarks  of  Parametric  Technology  Corporation  or  its  subsidiaries  in  the  United  States  and  in  other  countries. 


GLOBALBUSINESS 


pass  sail  i 


WORLDVIEW  |  KOFFI  M.  KOUAKOU 

Africa  Awaits 

The  continent  is  hoisting  an  "Open  For  Business”  sign— but  there 
are  pitfalls  for  the  unwary 


NOT  FOR  NOTHING  DID  THE  VICTORIAN- 
era  writers  refer  to  Africa  as  the  Dark 
Continent.  Big  enough  to  contain  the 
United  States  three  times  and  holding  more 
than  50  mostly  Third  World  countries,  it’s 
rich  in  both  natural  resources  and  horror 
stories.  But  as  globalization  slowly  but 
surely  reaches  even  the  inner  continent, 
CIOs  from  the  First  World  are  showing  up, 
wanting  to  do  business. 

They’re  in  for  a  shock.  “Only  innova¬ 


tive  CIOs  survive  in  Africa,”  warns  Adi 
Paterson,  executive  vice  president  and  CIO 
of  South  Africa’s  Council  for  Scientific  and 
Industrial  Research  (CSIR),  one  of  Africa’s 
largest  technology  institutions.  CIOs  with  a 
“First  World  only”  style  will  fail,  he  says. 

It’s  not  hard  to  see  some  of  the  difficulties. 
Imported  business  solutions  often  fail  in 
Africa;  the  continent  has  slipped  further  and 
further  into  abject  poverty  and  bad  govern¬ 
ment,  and  information  technology  is  still 


seen  as  a  toy  for  the  elite  and  the  wealthy. 

Tough  or  Soft? 

In  such  an  environment,  familiar  First  World 
traits  either  don’t  work  or  explode  in  your 
face.  Tough-talking?  Straightforward? 
Uncompromising?  “Don’t  try  it  in  Africa,” 
warns  Bob  Day,  executive  director  of  infor¬ 
mation  and  communications  technology  at 
the  University  of  South  Africa  in  Pretoria. 
“Here,  such  arrogant  attitudes  won’t 
work.”  And  when  they  don’t,  the  fallout 
is  often  acrimonious — look  no  further 
than  the  very  public  row  recently  sur¬ 
rounding  South  African  Airways’  former 
American  CEO,  who  was  accused  of  run¬ 
ning  the  airline  ruthlessly  and  being 
uncompromising  on  company  cost-cutting 
and  layoff  decisions. 

Instead,  African  CIOs  recommend  other 
tactics,  borne  of  their  experience  with 
Africa’s  multiple  environments  in  which 
they  operate — cultural,  technological,  polit¬ 
ical  and  business.  When  it  comes  to  work¬ 
ing  styles,  for  example,  Day  recommends 
acting  “softly,  softly,”  as  historically 
Africans  have  tended  to  conduct  their 
affairs  through  consensus,  consulting  before 
making  decisions. 

The  Wireless  Continent 

If  the  management  approach  is  different, 
the  end  objective  is  likely  to  be  too.  In  the 
short  term,  at  least,  the  African  CIO’s 
recipe  for  success  must  reflect  the  prevailing 
technology  infrastructure,  which  has  been 
revolutionized  by  wireless.  Today’s  Africa 
has  seen  an  explosive  growth  in  the  use  of 
cell  phones:  It  has  become  an  indispens¬ 
able  tool  for  communication,  business  and 
trade — not  least,  of  course,  because  the 
landline-based  infrastructure  is  so  poor  in 
Africa. 

South  Africa’s  cellular  system  is  only 
7  years  old,  yet  already  there  are  more  cel¬ 
lular  subscribers  than  landline  subscribers. 
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Ninety-two  percent  of  students  use  cell 
phones,  according  to  a  recent  University  of 
Pretoria  study.  “There  is  no  question  about 
it:  The  future  of  Africa  is  wireless,”  says 
Day.  Smart  wireless  products  that  cater  to 
needs  in  the  neglected  communities  of 
health,  education  and  entrepreneurship  are 
the  next  killer  applications  in  Africa. 

But  be  warned  that  this  is  about  as  far 
as  one-size-fits-all  prescriptions  go.  While 
the  rate  of  progress  is  happening  faster  in 
South  Africa  and  in  a  few  Mediterranean 
countries — chiefly  Egypt,  Morocco  and 
Tunisia — it  is  lower  down  the  agenda  in 
other  countries,  an  inevitable  result  of 
strife,  famine  and  natural  disasters. 

Two  Keys  to  Africa 

Nevertheless,  a  couple  of  simple  stratagems 
for  success  can  be  distilled.  First,  partner 
smartly — particularly  with  the  overseas  aid 
development  sector,  which  has  a  budget 
and  clout.  As  partnering  prospects,  orga¬ 
nizations  like  The  World  Bank  and  the 
United  Nations  Development  Program  are 
hugely  influential  in  the  Third  World.  Both 
BMW  South  Africa  and  DaimlerChrysler 
South  Africa  are  currently  applying  the 
development  partnership  approach  in 
South  Africa. 

Second,  learn  to  deal  with  the  African 
government.  Understand  the  lack  of  good 
governance,  and  learn  to  be  patient  as  you 
deal  with  the  dreadful  regulatory  investment 
quagmire  in  Africa.  Plan  for  the  medium 
to  long  term,  rather  than  the  short  term. 

It’s  a  painful  and  fraught  process.  But 
remember,  in  Africa  as  elsewhere,  risk  bal¬ 
ances  reward.  Africa  is  a  tough  and  frus¬ 
trating  place  for  the  incoming  CIO — but 
also  the  last  remaining 
business  frontier. 


Contact  South  Africa-based 
Business  Writer  Koffi  M.  Kouakou 
at  koffi@connexity.co.za. 


Q  &  A  |  FRANCES  CAIRNCROSS 

Distance’s  Demise 


ACCORDING  TO  BRITISH  AUTHOR 
Frances  Cairncross,  a  senior  editor 
at  The  Economist ,  the  world  has 
yet  to  wake  up  to  the  implications 
of  what  she  describes  as  “The 
Death  of  Distance.” 

Intending  to  merely  revise  a 
book  of  that  name  that  she 
authored  in  1997,  Cairncross 
instead  found  that  a  whole  new 
volume,  The  Death  of  Distance 
2.0  (Texere,  May  2001),  emerged 
as  she  surveyed  the  still-unfolding 
possibilities  unlocked  by  the  power, 
reach  and  changing  economics  of 
global  telecommunications. 

Q:  What  kind  of  revolution  are 
you  predicting? 

A:  The  analogy  I  use  is  the  auto¬ 
mobile  in  1910.  By  then,  these 
were  recognizable  as  cars,  but  it 
took  most  of  the  rest  of  the  20th 
century  for  their  social  conse¬ 
quences  to  emerge.  In  telecommunications  terms,  we’re  still  back  in  1910.  As  a  mass 
medium,  the  Internet  is  less  than  a  decade  old — yet  already  385  million  people  around  the 
world  have  been  introduced  to  the  idea  that  it  costs  no  more  to  visit  a  bookstore  in  Seattle 
than  one  on  their  High  Street.  Similarly,  wireless  technology  is  killing  location:  You  can 
work  wherever  you  happen  to  be.  Broadband  will  reduce  the  cost-per-bit  to  close  to  zero. 
Q:  And  how  prepared  are  we? 

A:  Companies — and  investors — have  yet  to  adjust  to  the  slimmer  margins  brought  about 
by  greater  price  transparency  and  more  competition.  And  also  to  the  fact  that  they  will 
become  niche  specialists  rather  than  vertically  integrated  behemoths.  Individuals  have  yet 
to  recognize  that  the  boundaries  between  their  work  and  home  will  increasingly  blur. 
And  governments  still  think  that  within  their  national  boundaries,  their  rule  is  law.  But  as 
content  sweeps  across  national  boundaries,  enforcement  becomes  increasingly  problematic. 
Q:  Is  there  any  good  news? 

A:  Oh,  yes — there  are  positives  as  well  as  negatives.  As  individuals,  we’ll  lose  a  lot  of 
our  privacy,  for  example.  But  as  our  privacy  disappears  so  will  a  lot  of  the  crime  that 
we  fear,  thanks  to  the  pervasiveness  of  electronic  surveillance,  audit  trails  and  the  cap¬ 
ture  of  biometric  data  such  as  fingerprints  and  retina  patterns.  There  is  a  balance. 

-Malcolm  Wheatley 
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get  NetWare  6. 


now  your  Network 


is  just  a  browser  away. 


Need  access  from  Australia?  Want  to  print  from  Prague?  Get  the  freedom  of  NetWare®  6.  As  part  of  Novell’s  one  Net 
vision,  NetWare  6  lets  your  users  have  access  to  their  file,  print  and  other  storage  resources  from  any  browser  in  the  world, 
anytime.  So  no  more  lugging  laptops  to  Latin  America.  All  they’ll  need  is  any  computer  with  an  Internet  connection. 
That’s  it.  And  that’s  the  beauty  of  one  Net.  So  take  this  as  a  sign  and  visit  www.novell.com/netware6  to  learn  more. 


Novell 

the  power  to  chaNge 


©  Copyright  2001  Novell.  Inc.  All  rights  reserved.  Novell  and  NetWare  are  registered  trademarks  and  the  power  to  change  is  a  trademark  of  Novell,  Inc.,  in  the  United  States  and  other  countries. 


;rver  decision  that  will  finally  update  your  data  center.  The  problem  is,  it's  hard  enough  predicting 

what  will  happen  next  quarter,  let  alone  next  year.  So  how  can  you  be 
confident  that  the  infrastructure  choices  you  make  today  are  choices  you 
can  live  with  tomorrow? 

One  option  now  has  to  include  the  new  HP  server  rp8400  — 
a  rack-optimized  breakthrough  designed  specifically  to  help  you  manage 
the  enormous  infrastructure  demands  generated  by  today's  constantly 
evolving  business  environment. 

It's  small  enough  to  fit  two  to  a  rack  yet  provides  unprecedented 
power  and  flexibility  in  a  mid-range  server.  In  fact,  we've  made  room  for  up 
to  16  processors,  setting  new  standards  in  the  category  for  both  performance 
density  and  scalability.  The  kind  of  power  you  need  to  more  easily  manage 
and  control  workload  allocation. 

Best-in-class  dynamic  partitioning  essentially  divides  the  server 
into  sections,  allowing  each  one  to  function  independently.  So  even  if  one 
application  goes  down,  the  other  sections  of  the  server  continue  their  jobs 
unaffected.  Which  makes  it  possible  to  move  resources  around  without 
having  to  shut  down  your  entire  system,  sidestepping  costly  downtime. 

And  with  the  convenience  of  HP  Utility  Pricing,  processing  power 
and  other  services  can  be  made  available  on  tap,  like  electricity.  So  you 
can  easily  and  securely  scale  online  without  having  to  invest  in  expensive 
hardware  or  support. 

HP  infrastructure  solutions  — servers,  software,  storage,  services  and 
beyond— are  engineered  for  the  real  world  of  business.  Because  the  last  time 
we  checked,  that's  where  we  all  work.  Call  1.800. HPASKME,  ext.  246.  Or  visit 
hp.com/go/infrastructure. 

Infrastructure:  it  starts  with  you. 
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Disaster  Recovery 


Nasdaq 


Where  were  you  on  Tuesday  morning,  Sept.  11? 


How 


SPECIAL 


Nasdaq  was  back 
up  and  trading  only 
six  days  after  the 
World  Trade  Center 
catastrophe.  In  this 
CIO  interview, 
Nasdaq  CIO  and 
Executive  Vice 
President  of  IT 
and  Operations 
Gregor  Bailar 
credits  distributed 
systems,  contingency 
planning  and  a 
redundant 
architecture  for 
the  exchange’s 
resiliency.  Not  to 
mention  some  very 
dedicated  people. 

BY  TOM  FIELD 


BAILAR  I  was  in  Greenwich  Village  [about 
10  blocks  above  the  World  Trade  Center] 
heading  north  in  a  hired  car.  We  didn’t  hear 
the  crash,  but  we  stopped,  turned  and  saw 
the  smoke.  It  wasn’t  clear  what  was  going 
on.  One  Liberty  Plaza,  which  is  across  the 
street  from  the  World  Trade  Center,  is 
Nasdaq’s  headquarters,  with  mostly 
executive  staff  and  sales  staff,  not  opera¬ 
tional  staff.  Our  offices  are  on  the  49th  and 
50th  floors  of  that  building;  they  saw  the 
first  plane  hit.  I  immediately  called  head¬ 
quarters,  and  they  said,  “Everything  seems 
OK.”  Next  I  tried  to  call  my  wife.  I  had 
trouble  but  eventually  got  a  message 
through.  Then  I  called  Connecticut,  where 
our  primary  data  center  is.  It  appeared  that 
we  didn’t  have  any  issues. 

Then  the  second  plane  hit.  I  thought: 
two  planes,  direct  center  of  two  different 
towers.  Time  to  batten  down. 

I  jumped  in  the  car  and  told  the  driver, 


“We’ve  got  a  major  problem  here;  they  just 
took  out  our  two  financial  center  buildings. 
Let’s  get  out  of  here  and  get  to  our  Times 
Square  site,  where  I  know  we  have  a  lot  of 
security  staff,  and  let’s  get  this  market 
locked  down.” 

What  was  happening  at  1  Liberty? 

They  began  evacuating  after  the  first  plane 
hit.  Our  security  guards  on  their  own 
accord  evacuated  our  floor  at  least,  so  most 
of  our  people  were  on  the  ground  when  the 
second  plane  hit. 

What  did  you  do  next? 

We  drove  to  Nasdaq’s  market  site,  a 
building  where  we  have  a  press  studio  and 
broadcast  studio  in  Times  Square.  At  the 
market  site  a  group  from  the  press  was 
asking,  “What  are  you  going  to  do  with 
this  building?  Shouldn’t  we  evacuate?”  We 
needed  to  keep  it  up  as  our  command 
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talking,  and  I  said,  ‘Yes,  halt  the  market/”  -Gregor  Bailar 


Disaster  Recovery  |  Nasdaq 

center,  so  I  was  not  interested  in  shutting  it 
down.  At  9:15, 1  determined  with  the  rest 
of  our  staff  that  it  would  be  necessary  to 
keep  the  market  closed  at  least  until  10. 
Later  we  made  the  decision  to  shut  down 
the  market  for  the  whole  day. 

Halting  the  market  wasn’t  a  step  you 
could  take  lightly. 

We’ve  never  done  that  in  the  securities 
market,  period.  I  remember  that  moment 
vividly  because  there  were  a  lot  of  people 
on  the  phone  call — 40  or  50  people — 
including  senior  management  for  Nasdaq, 
the  New  York  Stock  Exchange,  the  SEC.  I 
was  the  ranking  executive  for  Nasdaq,  and 
my  cell  phone  was  fading  in  and  out.  They 
were  saying,  “Gregor,  have  you  made  the 
decision?”  and  I  was  saying,  “Yes,  halt!” 
They  didn’t  hear  me.  They  said,  “Gregor, 
we  need  your  confirmation  that  we  need  to 
pull  the  markets.”  I  pressed  some  phone 
buttons  so  that  the  tones  would  stop  the 
conversation.  Everybody  stopped  talking, 
and  I  said,  “Yes,  halt  the  market.” 

How  did  the  command  center  operate? 

When  the  first  tower  fell,  it  took  out  the 
power  in  Lower  Manhattan,  and  in  fact 
Nasdaq  had  a  telephone  switch  there  that 
was  serving  the  market  site  in  Times 
Square.  So  our  market  site  telephones  went 
down.  We  moved  essential  staff  over  to  the 
Marriott  Marquis  [a  hotel  in  Times  Square] 
and  sent  the  rest  home. 

At  the  Marriott,  we  went  through  a 
progression  of  information  gathering.  The 
first  thing  we  had  to  understand  was  our 
personnel  situation.  Then  we  broadened 
the  investigation  to  learn  who  was  affected 
among  our  traders.  Then  we  had  to  under¬ 
stand  the  situation  from  a  physical  perspec¬ 
tive:  Did  we  lose  a  building?  Did  we  lose  a 
data  center?  Did  we  lose  connectivity? 
What  have  we  got  in  the  way  of  physical 
damage  that’s  going  to  take  a  long  time  to 
restore?  Next  we  needed  to  know  the 
regulatory  situation:  Are  people  trading 
today?  What’s  the  landscape  of  the  trading 
industry?  It  was  literally  in  that  order. 


How  did  you  handle  those  tasks? 

In  our  Maryland  center,  they  immediately 
set  up  a  central  depository  for  information 
about  where  all  of  our  people  were  and 
who  was  unaccounted  for.  We  had  two 
people  we  couldn’t  account  for  who  we 
thought  could  have  been  in  one  of  the 
towers;  but  it  turned  out  they  never  got 
there.  We  also  used  this  depository  to  track 
where  all  our  executives  were.  So  if  you 
needed  to  get  in  touch  with  any  executive, 
you  would  call  that  center — it  was  the 
executive  locator  from  that  moment  on. 
Every  hour  or  every  two  hours  a  listing 
would  come  through  saying  here’s  where 
Frank  is,  here’s  where  Gregor  is,  with 
phone  numbers.  That  was  very  important 
because  a  lot  of  us  were  on  the  move  from 
site  to  site. 

We  also  had  a  group  in  our  Maryland 
center  focused  on  the  regulatory  processes. 
Nasdaq  trades  from  8  a.m.,  so  things  had 
already  occurred  that  day.  We  had  to  figure 
out  how  that  would  be  affected  if  we 
restarted  trading  or  kept  it  closed. 

As  for  our  trading  companies,  we  could 
see  by  our  network  monitoring  that  there 
were  certain  sites  that  were  not  respond¬ 
ing.  We  were  pretty  sure  that  there  were 
40  to  70  firms  that  had  problems  based  on 
that  monitoring. 

Some  of  your  traders  were  in  trouble, 
but  Nasdaq’s  systems  were  all  up? 

Nasdaq  is  highly  redundant,  so  just 
because  we  may  have  an  office  gone  or 
they  turn  off  the  electricity  in  Lower 
Manhattan  didn’t  mean  we  were  knocked 
out.  We  have  servers  in  different  buildings. 
Every  single  one  of  our  traders  is  con¬ 
nected  to  two  different  Nasdaq  points  of 
presence  or  connection  centers,  and  there 
are  four  connection  centers  alone  in 
downtown  Manhattan,  none  of  which 
were  really  affected. 

Including  Manhattan,  there  are  20 
connection  centers  around  the  United  States, 
and  every  single  server  connects  to  two  of 
those  centers  through  two  different  paths, 
and  often  through  two  different  vendors. 
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How  did  you  help  your  traders  get  back 
online?  Obviously,  this  was  a  big  factor  in 
reopening  the  markets. 

By  noon  on  Wednesday  we  had  confirmed 
that  if  we  reopened,  60  percent  of  the 
Nasdaq  trading  volume  would  be  ready  to 
trade.  By  the  end  of  the  day  we  called  more 
than  300  firms,  and  of  that  only  30  were 
not  going  to  be  operational  by  the  next  day. 
We  sent  nearly  100  people  from  our  centers 
to  work  with  these  folks.  We  were  also 
given  resources  by  Cisco,  Dell  and 
WorldCom.  On  Wednesday  we  had  about 
10  trading  companies  that  were  going  to 
have  to  operate  out  of  their  backup  centers. 
One  of  those  had  to  be  built  entirely  from 
scratch.  We  knew  it  would  take  at  least 
until  Friday  for  a  couple  of  the  companies 
to  provision  their  backup  sites.  Meanwhile, 
on  Wednesday  I  went  to  several  meetings 
organized  by  Mayor  [Rudolph]  Giuliani 
specifically  to  look  at  the  telecom  and 
infrastructure  of  Lower  Manhattan  and 
discuss  how  we  would  deal  with  access  and 
security.  By  Thursday’s  discussions,  we  saw 
that  the  New  York  telecommunications 
infrastructure  just  wasn’t  getting  there. 
Access  to  the  downtown  buildings  wasn’t 
available  yet.  That  was  when  Monday  was 
decided  for  the  reopening. 

How  did  you  prepare  for  Monday? 

We  started  industrywide  testing  on  Saturday 
at  7  or  8  in  the  morning,  and  by  11:30  that 
morning,  we  had  achieved  98  percent  of  the 
volume.  And  then  on  Sunday  we  did  a  half¬ 
day  of  retesting  with  people  who  wanted  to 
add  a  little  more  volume  capability.  Then 
we  sent  people  home,  saying,  “Get  some 
sleep  guys.  We’ve  got  a  big  day  tomorrow.” 
And  people  were  in  at  6:30  Monday 


56  CIO  NOVEMBER  1,  2001  •  www .cio .com 


IF  YOU  COULD  PRINT  WHILE  YOU  SCAN, 
COPY  WHILE  YOU  E-MAIL, 

_  ]|AX, 

AND  DO  IT  ALL  WHILE  PRINTING 


■mrn : 


YOU'D  BE  SMILING  TOO. 


SS  The  Xerox  Document  Centre  family  of  network  multi-function  systems  saves  you  the  most  time  and  money  by  delivering 
unmatched  productivity.  Our  uniquely  intuitive  screens  make  it  easier  tor  anyone  to  print,  scan,  copy,  fax  -  and  now, 
-  even  e-mail  documents  from  our  Document  Centre  consoles.  Document  Centres  are  fast  because  they're  intelligent.  So 
intelligent,  in  (act,  depending  on  the  Document  Centre  system  you  choose,  it  allows  you  to  use  different  functions  simultaneously  while 
printing  up  to  3X  faster  than  leading  competitors  in  its  class*  The  result  is  cost-crunching  productivity  that'll  have  everyone  smiling. 


SMILE.  NOW  YOU  CAN  LEARN  HOW  TO  LOWER  COSTS  AND  TAKE  YOUR  OFFICE  PRODUCTIVITY  TO  THE  NEXT  LEVEL  WITH  OUR  FREE 

"PLANNING  GUIDE  FOR  SENIOR  EXECUTIVES."  TO  GET  YOURS,  CALL  1  800  ASK  XEROX,  EXT.  369  OR  VISIT  WWW.XEROX.COM/SMILE 

The  Document  company 


XEROX 


•Based  upon  independent  testing  versus  leading  competitive  products  conducted  by  BERTL  (Digital  Test  Lab).  Reports  dated  February  2001.  XEROX,®  The  Document  Company*  and  Document  Centre®  are  trademarks  of  XEROX  CORPORATION. 
These  models  may  contain  some  recycled  components  that  are  reconditioned. 


Disaster  Recovery 


Nasdaq 


“People  will  have  to  look  very  carefully  at  their  backup  strategies 
and  see  whether  they  can  communicate  with  everybody  easily.” 


morning  to  make  sure  everybody  was 
connected  and  up  and  running. 

On  Monday  we  had  amazing  volume — a 
2.7  billion  share  day.  There  were  a  couple 
of  firms  that  had  more  volume  than  they 
thought  they  could  handle,  so  there  may 
have  been  a  couple  of  phone  calls  that 
didn’t  get  answered.  We  traded  something 
near  5  billion  shares  that  day  between 
Nasdaq  and  the  NYSE,  which  is  a  healthy 
volume  on  any  day.  To  have  that  come  six 
days  after  you  literally  were  in  the  cross¬ 
hairs  of  a  terrorist  attack... people  were 
pretty  happy.  People  were  screaming  happy 

What  did  Nasdaq  lose  over  the  downtime 
and  what  did  it  cost  to  get  back  up? 

We  have  interruption  insurance,  so  we 
hope  to  recover  most  of  it,  but  it’s  in  the 
millions,  and  it  could  crest  tens  of  millions. 

What  were  the  disaster  recovery 
lessons  for  Nasdaq? 

We  learned  that  distributed  systems  are 
really  good.  You  have  to  think  about  how 
your  business  has  concentrated  people  or 
operational  centers  in  certain  places.  You’ve 
got  to  consider  if  it’s  the  wisest  distribution. 
We  feel  we  were  lucky  having  some  folks  in 
Connecticut  and  some  in  Maryland.  Even 
if  we  had  lost  some  of  our  senior  manage¬ 
ment  at  1  Liberty  Plaza,  we  would  have 
still  had  a  senior  team. 

This  event  validates  the  distributed 
organization. 

It  certainly  validates  caution  in  how  you 
concentrate  your  operations  and  staff.  If 
you  couldn’t  get  access  to  southern 
Manhattan,  and  that’s  the  only  way  you 
could  open  your  doors,  then  you  were  in 
trouble.  The  other  validation  is  one  of 
network  topology — to  know  that  there  are 


two  network  topologies,  never  just  one — 
and  we’ve  been  religious  about  that. 

Were  there  other  lessons?  Are  you  going 
to  change  anything? 

We  did  have  extensive  [crisis  management] 
rehearsals  for  Y2K  and  for  our  conversion 
to  decimals,  and  in  these  cases,  the  securi¬ 
ties  markets  really  worked  together.  So  it 
was  a  natural  thing  for  me  to  set  up  a 
nationwide  teleconference  for  all  the 
exchanges  in  the  U.S.  at  noon  every  single 
day  and  say,  “Hey  folks,  we  want  to  talk 
about  what’s  going  on.”  We  made  deci¬ 
sions  as  an  industry,  and  our  openness  of 
communication  was  critical. 

One  thing  we’re  going  to  try  is  to 
formalize  more  of  these  communication 
forums.  We’ll  want  to  trigger  those  auto¬ 
matically  with  the  SEC.  Trading  is  still  a 
New  York-centered  industry,  so  there  are 
also  some  things  that  we  want  the  New 
York  City  government  to  do  around 
communications.  But  you  can’t  script  the 
rest.  You  have  no  clue  what  the  next 
disaster  is  going  to  look  like.  Will  it  hit  a 
power  substation?  Will  it  hit  the  trains 
coming  in  so  none  of  the  traders  can  get  in? 
You  really  need  to  be  able  to  communicate 
and  have  a  place  for  people  to  talk  about 
what’s  going  on.  We  already  require  many 
of  our  executives  to  carry  two  cell  phones, 
each  with  different  service  providers.  We 
are  focusing  on  making  sure  the  network  is 
resilient  and  that  the  design  is  able  to 
endure  and  that  we  can  communicate. 

After  living  through  this,  what  would  you 
advise  other  CIOs  to  consider? 

This  was  a  true  test  of  people’s  backup 
strategies.  Did  you  ever  test  your  backup 
strategy?  Have  you  worked  out  of  your 
backup  center?  Do  you  know  how  to  get 


people  there?  Do  you  know  the  critical 
phone  numbers?  A  lot  of  people  don’t  have 
phone  numbers  as  part  of  their  continuity 
of  business  plan.  I  think  people  will  have  to 
look  very  carefully  at  their  backup  strate¬ 
gies  and  see  whether  they  can  communicate 
with  everybody  easily,  whether  the  phone 
numbers  are  not  stored  in  that  same 
building  that  could  experience  the  disaster^ 
and  whether  they’ve  got  hot  backups.  Hot 
backups  are  going  to  be  much  more 
popular  than  they  have  been  in  the  past. 

Any  last  thoughts  about  your  experience? 

I’m  very  proud  of  Nasdaq  and  their 
response,  and  I’m  proud  of  the  industry 
because  it  was  an  incredibly  tough  time. 
People  were  caught  up  in  emotions  you 
can’t  imagine.  Many  of  our  staff  have  been 
going  to  memorial  services  almost  daily. 

Yet  throughout  that  they’re  coming  to 
work.  Not  with  smiles  on  their  faces  but 
with  determination  and  with  no  negativity. 
Everybody  got  counseling  the  first  day. 
Giuliani  visited  with  a  lot  of  our  people  at 
different  locations,  and  there  was  just  an 
outpouring  of  community  you  don’t  get 
too  often  in  normal  daily  life. 

How  did  this  affect  you  personally? 

The  emotional  hit  didn’t  come  until  Friday 
night,  when  I  got  to  my  house  [in  suburban 
Washington,  D.C.]  for  the  first  time  since 
Tuesday.  My  kids  were  asleep  by  the  time  I 
got  home.  My  wife  had  to  go  out,  so  I  was 
alone  there.  That’s  when  it  hit  me.  BE! 

EDITOR'S  NOTE:  As  CIO  went  to  press,  Gregor  Bailar 
accepted  the  CIO  position  at  credit  card  company 
Capital  One,  where  he  was  scheduled  to  start  Oct.  24. 


Executive  Editor  Tom  Field  can  be  reached  at 
tfield@cio.com. 
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Affiliated  Computer  Services  (ACS)  Inc.  is  one  of  the 
world's  largest  business  process  and  IT  outsourcing  com¬ 
panies.  With  nearly  $3  billion  in  revenue  and  thousands 
of  clients  on  six  continents,  its  success  depends  on  mak¬ 
ing  sure  client  IT  resources  are  available,  performing  well 
and  supporting  business  requirements. 

Today's  executives  realize  how  business  success  depends 
on  IT  performance,  and  they  want  to  know  more  about 
it.  ACS  uses  Candle  Corp.'s  OMEGAMON®  XE  to  present 
customized,  user-friendly  views  of  IT  performance  that 
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For  ACS,  that  leads  to  more  informed  -  and  more 
satisfied  -  customers. 
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Royce  Green's  perspective 
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"There's  no  question  that  OMEGAMON  XE  helps  us 

/ 

provide  better  service  to  our  customers.  It  means  we  can 
solve  problems  more  quickly...  and  move  business  faster. 

The  return  on  investment  is  tremendous. " 
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Candle  has  been  helping  companies  succeed  with  their 
customers  for  25  years.  We  can  help  yours,  too. 
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at  the  speed  of  tight 


Cover  Story  |  Information  Security 


Inadequate  security  leaves  companies  open  not  just  to 
hackers  but  to  lawsuits.  Here’s  how  to  stay  out  of  court  and 
protect  your  company.  And  in  “Miller’s  Privacy  Warning” 
(Page  72),  Arthur  Miller  argues  that  the  CIO’s  responsibility 
extends  to  protecting  people’s  privacy,  by  sarah  d.  scalet 


JUST  BEFORE  8  A.M.  ON  FEB.  1,  2001,  C.l.  HOST,  A  WEB-HOSTING  COMPANY  WITH  90,000  CUSTOMERS,  WAS 

hit  with  a  crippling  denial-of-service  attack.  By  the  end  of  the  day,  after  outage  complaints  from 
what  CEO  Christopher  Faulkner  described  as  “countless”  customers,  the  Fort  Worth,  Texas-based 
company  got  its  lawyers  involved. 

Faulkner’s  company  aimed  its  legal  wrath  not  at  any  hacker  but  at  another  business,  Exodus 
Communications,  and  five  of  its  customers.  As  the  nation’s  largest  Web-hosting  company,  Santa 
Clara,  Calif.-based  Exodus  (which  at  press  time  filed  for  Chapter  11  bankruptcy  protection)  has 
served  up  the  websites  of  such  household  names  as  American  Airlines,  eBay  and  General  Electric. 
In  an  injunction  filed  in  a  Texas  district  court  and  later  moved  to  a  U.S.  district  court,  C.L  Host 
alleged  that  the  defendants  committed  or  allowed  a  third  party  to  commit  a  denial-of-service  attack 
on  C.l.  Host’s  systems.  The  defendants  insisted  that  they  were  victims  of  a  hacker  themselves,  not 
the  perpetrators  of  a  crime. 

The  case  never  made  it  to  trial,  but  C.L  Host’s  lawyers  did  convince  a  Texas  judge  to  issue  a 
temporary  restraining  order  shutting  down  three  of  the  Web  servers  involved  in  the  attack  until  the 
companies  could  prove  the  vulnerabilities  had  been  fixed.  This  messy  and  confusing  case  pitted 
not  just  rival  against  rival  but  victim  versus  victim.  Although  the  attacks  lasted  only  a  couple  of 
days,  it  took  seven  month’s  worth  of  legal  fees,  not  to  mention  time  and  energy,  to  close  the  case. 

This  scenario  and  other  similar  ones  are  likely  to  play  out  with  increasing  frequency  as  more 
companies  suffer  public  outages  and  thefts  as  a  result  of  security  breaches.  And  it  raises  a  crucial 
question  that  the  courts  have  yet  to  decide:  When  information  security  fails,  who’s  to  blame? 

The  hacker  is  at  fault,  to  be  sure,  but  experts  say  it’s  only  a  matter  of  time  before  judges  and 


Reader  ROI 

►  Realize  why  lawsuits  over 
failed  information  security 
are  imminent 

►  Determine  how  your 
company  may  be  liable  for 
damage  caused  by  hackers 

►  Learn  how  to  prepare 
and  respond 
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Information  Security 


juries  have  to  decide  whether  companies  that 
are  victims  of  a  security  breach  can  be  held 
liable  for  having  inadequate  security.  Only 
CIOs  who  understand  this  legal  minefield 
will  have  the  answers  their  company  needs 
to  hear — and  know  how  to  protect  their 
business  not  only  from  hackers  but  also 
from  legal  actions  that  may  follow  in  the 
hackers’  destructive  wake. 

The  Next  Asbestos? 

To  hear  some  people  tell  it,  corporate  liabil¬ 
ity  for  failed  information  security  is  the  com¬ 
ing  apocalypse.  Several  experts  predict  a 
flurry  of  personal  injury  lawsuits  filed  by 
customers  whose  personal  information  has 
been  disclosed,  corporate  lawsuits  based  on 
damage  caused  by  security  breaches  at  busi¬ 
ness  partners  and  class-action  lawsuits  filed 
on  behalf  of  irate  stockholders. 

“It’s  going  to  be  the  next  asbestos,”  Ed 
M.  McPherson  III,  Atlanta-based  director 
of  PricewaterhouseCoopers,  recently  told 
a  group  assembled  in  New  York  City  to 
learn  about  cybercrime’s  impact  on  share¬ 
holder  value. 

Security  vendors  are  banking  on  it.  For 
instance,  Redwood,  Calif.-based  Recourse 


Technologies  worked  with  Daniel  Langin,  a 
defense  attorney  for  several  early  Internet 
cases,  to  explore  whether  corporate  officers 
could  be  held  personally  liable  for  informa¬ 
tion  security  breaches.  His  conclusion?  You 
bet.  “It  takes  one  clear  bellwether  case  to  say 


you  have  this  liability,  before  officers  and 
directors  wake  up,”  he  says. 

“It’s  not  a  ‘sky  is  falling’  issue,”  says  one 
CIO  when  asked  about  the  likelihood  of 
such  lawsuits.  Like  many  organizations,  his 
large  hospitality  company  forbids  him  from 
discussing  the  terms  legal  and  security  in  the 
same  breath,  at  least  for  attribution.  “This 
is  what  the  intelligent,  forward-thinking 
company  is  thinking  about.  We  believe  that 
we’ve  taken  every  possible  precaution,  and 
we’re  looking  for  every  possible  thing  on  the 
horizon,”  he  says. 


Lawmakers  are  taking  precautions  as 
well.  Members  of  Congress,  most  promi¬ 
nently  Sen.  Robert  Bennett  (R-Utah),  think 
liability  lawsuits  are  a  real  enough  risk  that 
they’re  drafting  legislation  to  mitigate  the 
threat.  Along  with  Sen.  Jon  Kyi  (R-Ariz.), 


Bennett  drafted  a  bill  that  would  exempt 
businesses  from  Freedom  of  Information  Act 
disclosures,  antitrust  prosecution  and  law¬ 
suits  resulting  from  the  disclosure  of  cyber¬ 
security  information.  In  the  House  of 
Representatives,  Tom  Davis  (R-Va.)  and 
James  Moran  (D-Va.)  have  introduced  sim¬ 
ilar  legislation  that  would  prevent  voluntar¬ 
ily  submitted  information  on  security  prob¬ 
lems  from  being  used  in  lawsuits. 

Although  critics  have  argued  that  such  leg¬ 
islation  would  grant  too  broad  a  scope  of 
immunity  to  businesses,  the  tenor  of  the  dis¬ 
cussion  has  changed  in  the  wake  of  the  Sept. 
1 1  terrorist  attacks  in  New  York  City  and 
Washington,  D.C.  The  argument  for  protect¬ 
ing  the  nation’s  IT  infrastructure  gives  more 
weight  to  the  views  of  those  who  advocate 
companies’  sharing  information  with  the 
government.  Realizing  that  a  security  prob¬ 
lem  at  one  organization  could  be  just  the  first 
domino,  they  hope  to  address  mounting  con¬ 
cerns  about  how  a  successful  attack  on  an 
electric  company,  for  example,  could  cause 
downstream  outages  to  telephone  systems, 
banks  and  many  other  services  upon  which 
citizens  rely. 

Meanwhile,  judges  have  started  assign¬ 
ing  dollar  values  to  security  breaches.  In 
courtrooms  across  the  country,  criminals 
have  been  ordered  to  pay  hundreds  of  thou¬ 
sands  of  dollars,  in  addition  to  serving  time. 
The  problem  is,  hackers  often  have  empty 
pockets,  and  the  damage  they  do  often  far 
exceeds  their  own  financial  gain,  if  any. 


Security  Versus  Privacy 

The  distinctions  can  be  confusing,  but  security  and  privacy 
are  indeed  different  issues 

WITHOUT  SECURITY,  there  can  be  no  privacy,  so  the  two  subjects  are  forever 
entwined.  Legally,  however,  the  issues  are  quite  different.  Fred  H.  Cate,  professor  of 
law  at  Indiana  University  and  senior  policy  adviser  to  the  Center  for  Information  Policy 
Leadership,  explains  the  distinction  as  succinctly  as  anyone.  “I  think  of  privacy  as  the 
use  of  the  data  by  somebody  you  gave  it  to,  and  security  as  the  theft  of  the  data  or  the 
interception  of  the  data  by  the  unknown  third  party,"  he  says.  "If  I  buy  a  ticket  from 
Travelocity,  what  Travelocity  does  with  my  data  is  a  privacy  issue.  If  somebody  hacks 
into  Travelocity  and  steals  that  data,  that’s  a  security  issue.  And  we’ve  had  a  tendency 
to  confuse  the  two." 

Although  some  cases  do  involve  both  security  and  privacy,  two  sets  of  legal 
precedents  are  likely  to  emerge.  Privacy  lawsuits— such  as  the  ones  well-known 
Attorney  Arthur  Miller  discusses  on  Page  72— involve  business  decisions  to  use 
information  in  a  certain  way.  The  security-related  lawsuits  discussed  in  this  article 
involve  situations  where  information  security  fails,  causing  an  unintended  use  of 
information  or  systems.  -S.S. 


It’s  only  a  matter  of  time  before  judges  have 
to  decide  whether  companies  that  are  victims 
of  a  security  breach  can  be  held  liable  for 
having  inadequate  security. 
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Enter  the  banana  peel  theory — you  slip,  and 
someone  else  should  pay. 

“Some  lawyer  is  going  to  figure  out  where 
the  deep  pockets  are  and  is  going  to  chase 
them,”  says  Attorney  Mark  Grossman, 
chairman  of  the  computer  and  e-commerce 
law  group  of  Becker  &  Poliakoff  in  Miami 
and  the  TechLaw  columnist  for  The  Miami 
Herald.  “My  own  profession  can  make  me 
lose  yesterday’s  lunch.  Sometimes  we  earn 
our  reputation.  It’s  the  American  psyche: 
Something  goes  wrong,  someone  else  should 
pay  for  it.  It’s  one  of  our  failings.  Juries  like  to 


give  deep-pocket  money  away  when 
some  small  third  party  gets  hurt.” 

Lawsuits  Looming 

To  date,  CIO  has  not  found  any  such 
liability  lawsuits.  However,  several 
sources  indicated  that  third-party  damages 
are  being  quietly  settled  out  of  court.  As  a 
rule,  it’s  cheaper  for  companies  to  make 
confidential  settlements  than  to  defend 
themselves.  It  also  helps  avoid  publicity 
that  might  give  stockholders  and  cus¬ 
tomers  pause. 


cio.com _ 

For  more  information  on  security,  visit 

our  SECURITY  AND  PRIVACY  RESEARCH 
CENTER  at  www.cio.com/security. 


American  International  Group  (AIG)  has 
paid  out  millions  of  dollars  for  Internet  risk- 
related  claims,  most  as  third-party  damages. 
“Third-party  liability  insurance  is  by  far  our 
most  popular  option,”  says  Ty  R.  Sagalow, 
executive  vice  president  and  COO  of  AIG 
E-Business  Risk  Solutions  in  New  York 
City,  which  has  sold  more  than  1,200 
cyberinsurance  policies  since  it  started  offer¬ 
ing  the  coverage  in  early  2000.  He’s  mum 
on  the  details,  but  says  the  first  concern 
companies  have  when  purchasing  insurance 
is  often  that  they’ll  get  sued  if  something 
goes  wrong. 

Related  issues  have  started  to  make  head¬ 
lines.  In  September,  the  world’s  largest  finan¬ 
cial  services  company  found  out  the  hard 
way  that  putting  customer  information  into 
the  wrong  hands  could  lead  to  a  lawsuit. 
Citibank  and  its  New  York  City-based  par¬ 
ent  company,  Citigroup,  were  served  with  a 
class-action  privacy  lawsuit  alleging  that  the 
companies  illegally  disclosed  private  finan¬ 
cial  information  to  telemarketers  and  ven¬ 
dors.  Citigroup  was  not  available  for  com¬ 
ment.  (For  information  on  other  privacy 
lawsuits,  see  “Miller’s  Privacy  Warning,” 
Page  72.  To  understand  the  overlap,  see 
“Security  Versus  Privacy,”  Page  64.) 

In  August,  the  Washington  state  attorney 
general’s  office  asked  Qwest  Communi¬ 
cations  to  refund  DSL  customers  affected  by 
Qwest’s  outages  while  it  fought  the  Code 
Red  worm.  The  Denver-based  company 
insisted  that  the  Code  Red  problems  were 
not  its  fault.  (See  “Code  Red:  Phase  Two,” 
Page  68.) 

Also,  the  Federal  Trade  Commission  is 
investigating  an  internal  security  bungle  in 
which  drug  manufacturer  Eli  Lilly  acciden¬ 
tally  revealed  the  e-mail  addresses  of  700 
Prozac  users.  At  least  one  customer  com¬ 
plained  to  the  American  Civil  Liberties 
Union  that  the  security  breach  violated  his 
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Code  Red:  Phase  Two 

Companies  are  still  sorting  out  who  is  at  fault  after  the 
Code  Red  computer  worm 

QWEST  COMMUNICATIONS  thought  its  problems  with  the  Code  Red  worm  were 
finally  over.  Then  the  Washington  state  attorney  general’s  office  stepped  in. 

After  receiving  complaints  from  15  to  20  customers  whose  DSL  coverage  was 
interrupted  for  10  days  in  early  August,  the  attorney  general's  office  asked  the 
Denver-based  company  to  give  refunds  to  customers— at  least  one  of  whom  says  he 
lost  $5,000  of  business  during  the  outage.  An  e-mail  exchange,  obtained  by  CIO 
through  a  public  records  request,  provides  a  rare  glimpse  behind  the  curtain  when 
customers,  companies  and  attorneys  try  to  assign  blame  after  a  security  breach. 

“Please  tell  me  how  a  company  gears  up  for  something  like  the  Code  Red  worm 
virus?”  Qwest  executive  Debbie  Magnus  asked  the  attorney  general’s  office  in  an 
e-mail  dated  Aug.  17  in  response  to  an  e-mail  asking  the  company  to  issue  refunds. 
“Qwest  and  Cisco  have  made  every  attempt  to  work  with  the  customers  on  this  prob¬ 
lem.  The  problem  is  not  the  modem,  the  problem  is  the  virus.  Qwest  is  not 
crediting  for  the  virus  problem.” 

Steve  Larsen,  director  of  the  attorney  general’s  cyberconsumer-protection 
division,  responded  that  same  Friday.  “There  are  a  number  of  companies  that  did 
protect  against  this  virus  when  it  came  out  in  July  and  even  before....  It  seems 
reasonable  that  a  customer  should  not  have  to  pay  for  service  they  can’t  get.  If  you 
can’t  watch  your  cable  TV  or  your  newspaper  doesn’t  show  up  for  days  or  weeks  at  a 
time,  I  assume  you  won’t  pay.”  Larsen  then  cited  an  article  in  that  day’s  Seattle  Times, 
reporting  that  DSL  customers  with  the  same  modems  but  different  DSL  providers 
fared  better  during  the  Code  Red  incident. 

“Guess  I  killed  the  messenger,”  Magnus  responded  on  Aug.  21,  explaining  more 
about  the  worm  and  how  customers  could  apply  a  patch.  “The  credits  are  through 
the  repair  office  just  as  normal  repair  credits  are  issued.  Keep  [the  complaints] 
coming,  just  as  you  are  supposed  to,  and  I  will  keep  responding  without  wounding 
you  anymore.” 

Nevertheless,  in  early  September  a  spokesperson  for  the  attorney  general’s  office 
said  the  complaints  were  still  outstanding.  -S.S. 


privacy.  In  a  letter  to  the  FTC  requesting  the 
investigation,  ACLU  Associate  Director 
Barry  Steinhardt  quoted  Eli  Lilly’s  security 
and  privacy  statement,  and  asserted  that  the 
Indianapolis-based  company  had  violated  its 
own  promise  of  confidentiality.  The  FTC 
won’t  release  details  until  its  investigation  is 
complete. 

C.  Lee  Jones,  chairman  and  CEO  of 
AmericasDoctor  in  Gurnee,  Ill.,  and  former 
vice  president  of  IT  of  global  pharmaceuti¬ 
cal  business  at  Abbott  Laboratories,  is  one 
of  many  ClO-types  watching  with  concerned 
skepticism.  Jones  says  he  would  be  shocked  if 
the  Eli  Lilly  incident  didn’t  result  in  legal 
action.  “The  lawyers  follow  the  blood  trail,” 
he  says.  “They’re  like  sharks  out  there.  When 
you  have  ill-defined  laws,  you’re  going  to 
have  attorneys  try  to  set  precedent.” 

Security  Safeguards 

CIOs  looking  for  a  sure  way  to  avoid  the 
coming  deluge  of  legal  action  aren’t  going 
to  find  one.  “Anybody  can  sue  anybody  for 
any  reason  at  any  time,”  says  Bruce  L.  Dean 
of  Karger,  Key,  Barnes  &  Springer  in  Dallas, 
one  of  the  defense  attorneys  in  the  C.I.  Host 
case.  “All  it  takes  is  money  and  convincing 
a  lawyer  to  file  the  case.” 

Dean  got  the  June  2002  trial  date 
scratched  from  the  court’s  calendar  by  argu¬ 
ing  that  his  client,  the  Santa  Clara,  Calif.- 
based  Web-hosting  company  Wintelcom, 
didn’t  have  any  business  ties  in  Texas.  Future 
cases  may  require  more  than  that.  Attorneys 
agree  that  CIOs  should  follow  the  “prudent 
man  rule” — a  legal  term  that  Attorney 
Langin  explains  as,  “the  duty  to  do  what  a 
prudent  person  would  do  to  protect  infor¬ 
mation  assets.” 

To  keep  lawsuits  from  sticking,  Langin 
and  others  offer  these  tips. 

■  ESTABLISH  AND  IMPLEMENT  AN  IN- 
HOUSE  SECURITY  POLICY.  This  number- 
one  security  best  practice  involves  setting 
and  communicating  rules  for  how  your 
company  protects  and  handles  data. 
Milwaukee-based  FBI  Agent  Mark  Bowl¬ 
ing  points  out  that  if  a  company  has  a 


security  policy,  “then  you  can  demonstrate 
that  you  have  standards  you  adhere  to. 
We’ve  certainly  found  instances  where  you 
have  [victims  damaged  by  an  attack  on 
someone  else],  where  the  primary  victim’s 
security  was  not  as  sophisticated  or  as 
well-documented  as  it  otherwise  could  be.” 

■  HAVE  A  SECURITY  AUDIT  DONE.  Once  a 
company  has  a  policy,  officers  should 
make  sure  it’s  being  followed.  Security 
firms,  corporate  auditing  companies  and 
even  insurers  can  conduct  independent 


tests  of  a  company’s  security  measures — 
from  physical  weaknesses  to  the  configura¬ 
tion  of  firewalls  to  how  vigilant  employ¬ 
ees  are  about  protecting  information 
assets.  “If  you  have  a  third  party  come  in 
and  review  [your  information  security], 
then  it  helps  prove  your  case,”  explains 
Theodore  Claypoole,  an  attorney  for 
Womble,  Carlyle,  Sandridge  and  Rice’s 
technology  transaction  group  in  Winston- 
Salem,  N.C.,  and  former  in-house  legal 
counsel  for  Bank  of  America  and 
CompuServe.  “You  can  say,  ‘Look,  we 
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You're  right,  Dell  doesn't  have  one  support  person  with  all  the  answers. 
There  are  thousands  more  where  Carl  came  from. 
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Enterprise  Services.  And  I  am  backed  by  thousands  of  service  people:  on-site,  online  and  on  the  phone.  Each 
able  to  point  to  the  solution,  instead  of  pointing  fingers.  Surprised?  You  shouldn't  be.  Because  when  Dell  builds 
your  custom  Intel®  processor-based  server  and  storage  solution,  Dell  also  builds  a  total  knowledge  base.  From 
configs  to  upgrades  to  service,  Dell  puts  your  entire  history  at  your  support  team's  fingertips,  24/7.  All  it  takes  is 
one  walk  down  the  hall,  one  e-mail  or  one  phone  call  to  start  answering  your  questions.  So  you  can  increase 
uptime.  Speed  deployment.  And  cut  costs. 

That's  why  Dell  is  ranked  #1  in  customer  satisfaction  for  Intel®  processor-based  servers*  To  learn  what 
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Information  Security 


spent  money  to  have  a  reputable  company 
review  our  procedures;  we  took  those  sug¬ 
gestions,  and  we  made  those  changes.’” 

■  REMEMBER  SECURITY  IN  CONTRACTS. 

Legal  counsel  and  information  security  spe¬ 
cialists  should  work  together  on  putting 
security  parameters  into  contracts  with  busi¬ 
ness  partners  and  outsourced  service 
providers.  Then  they  should  do  their  home¬ 
work.  “Clearly  you  have  much  less  control 
over  an  outside  party  than  you  do  over  your 
own  employees,  and  it’s  vitally  important  for 
a  company  entering  into  an  outsourcing 
operation  to  actually  check  the  security  of 
the  contractor’s  computers  rather  than  just 
leaving  it  as  a  matter  of  agreement,” 
Claypoole  says. 

■  DON’T  MAKE  PROMISES  YOU  CAN’T 
KEEP.  Companies  shouldn’t  set  themselves 
up  for  a  breach-of-contract  lawsuit  with 


overzealous  marketing  or  sloppy  promises. 
“I  think  if  you  look  at  privacy  policies  [on 
websites],  you’ll  see  that,”  says  Fred  FT 
Cate,  professor  of  law  at  Indiana  University 
and  senior  policy  adviser  to  the  Center  for 
Information  Policy  Leadership.  He  points 
out  that  wise  companies  say  they  use 
“appropriate  security  measures”  rather  than 
promising  perfect  information  security. 

■  PAY  ATTENTION  TO  REGULATIONS 
AFFECTING  YOUR  INDUSTRY.  The  Gramm- 
Leach-Bliley  Act  for  the  financial  services 
industry  and  the  Health  Insurance  Portability 
and  Accountability  Act  for  health-care  com¬ 
panies  dictate  how  customer  information 
should  be  protected.  Companies  that  do 
business  overseas  may  have  to  follow  rules 
established  in  other  countries,  such  as  the 
European  Union’s  strict  guidelines. 
Companies  that  don’t  meet  those  require¬ 
ments  will  face  penalties  or  lawsuits. 


■  CONSIDER  PURCHASING  E-COMMERCE 
INSURANCE.  Basic  business  insurance 
policies  typically  do  not  cover  the  risks  asso¬ 
ciated  with  doing  business  online.  Cyber¬ 
insurance,  which  is  offered  by  established 
insurance  groups  such  as  AIG  and  newer,  e- 
centric  groups  like  Insuretrust,  fill  the  gap 
by  covering  liability  and  direct  damages 
from  information  security  breaches.  The 
cost  of  cyberinsurance  varies,  based  on  the 
size  and  scope  of  an  organization’s  computer 
systems  and  how  thoroughly  the  company 
has  addressed  security.  Many  security 
experts  predict  that  in  the  future,  these  poli¬ 
cies  and  the  standards  they  impose  will 
shape  how  companies  protect  their  systems. 

■  PAY  ATTENTION  TO  WHAT  SIMILAR 
COMPANIES  ARE  DOING.  Because  so  many 
companies  are  bungling  security,  it  may  be 
simple  to  prove  you’re  doing  as  much  as 
anyone  else.  “Everybody  has  bad  security 
today,”  says  Steve  Hunt,  a  Chicago-based 
analyst  with  Giga  Information  Group. 
“There’s  simply  not  an  awareness  or  an 
understanding  of  what  is  good  security.” 
The  best  you  can  do  is  prove  you’re  try¬ 
ing — that  you’re  doing  as  much  as  the  com¬ 
pany  next  door. 

So  that’s  it,  folks.  The  best  defense  for  this 
impending  legal  hassle  is  a  much-advised, 
often-ignored  list  of  best  practices.  The  ques¬ 
tion  is  whether  the  gathering  clouds  will 
have  the  proverbial  silver  lining  and  generate 
an  incentive  for  companies  to  act  on  secu¬ 
rity  best  practices.  In  the  process  of  doing 
so,  they  just  might  prevent  hackers  from 
doing  damage  in  the  first  place. 

“There’s  always  going  to  be  that  rare 
group  of  people  who  want  to  take  advan¬ 
tage  of  the  system,”  says  Bette  Walker,  CIO 
of  Energy  and  Chassis  Systems  for  Delphi 
Automotive  Systems  in  Flint,  Mich. 
“Security  can  become  a  legal  problem.  I 
think  of  it  first  as  preventing  a  problem  from 
occurring.  Then  the  next  step,  I  don’t  have 
to  worry  about.”  BE] 


Sarah  D.  Scalet,  senior  writer  and  security  editor, 
can  be  reached  at  sscalet@cio.com. 


Understand  the  Risks 

Looking  for  a  few  good  reasons  to  improve  security  ? 

Attorneys  say  the  following  scenarios  are  likely  to  result  in  lawsuits,  which  may  not 
be  covered  by  normal  business  insurance.  A  company’s  best  defense  will  be  proof  that 
it  follows  security  best  practices— from  establishing  an  in-house  security  policy  to 
testing  how  well  those  procedures  actually  work. 

BREACH  OF  CONTRACT:  When  a  business  violates  a  nondisclosure  agreement  or 
fails  to  live  up  to  a  privacy  statement  made  to  customers. 

DENIAL-OF-SERVICE  ATTACKS:  When  a  company  with  a  legal  obligation  to  keep 
its  website  up  is  hit  by  attacks  that  cause  an  outage  or  when  a  company  plays  an 
unwitting  role  in  a  denial-of-service  attack  launched  on  another  company. 

MALICIOUS  CODE:  When  a  computer  system  transmits  malicious  code  to  another 
computer  system,  thereby  causing  damage  and  financial  loss.  This  includes  viruses  or 
worms  sent  through  e-mail. 

PERSONAL  INJURY:  When  hackers  steal  or  publish  personal  information.  Customers 
could  sue  for  damages  under  the  same  laws  that  allow  injured  customers  to  sue  stores 
for  not  scraping  the  ice  off  their  steps. 

INAPPROPRIATE  WEB  CONTENT:  When  information  on  a  website  violates  a 
copyright  or  trademark  or  is  libelous.  American  Insurance  Group  also  has  settled 
claims  for  policyholders  whose  websites  were  defaced  by  hackers. 

NOT  PROTECTING  SHAREHOLDER  VALUE:  When  a  security  breach  results  in  a 
significant  loss,  either  of  money  or  customer  confidence,  causing  the  stock  price  to 
plummet.  -S.S. 
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To  deliver  on  the  promise  of  e-business,  you  need  a  complete,  trusted 
online  environment.  This  means  knowing  who  you're  doing  business 
with  and  giving  them  access  to  the  right  resources.  That's  where  authori¬ 
zation  comes  in.  Authorization  empowers  organizations  to  safely  push 
their  business  processes  out  of  the  back  office  and  onto  the  Web,  where 
they  can  be  accessed  by  employees,  customers  and  partners.  Unleashing 
dramatic  cost  savings,  improved  customer  service,  stronger  relationships 
and  faster  response  to  a  rapidly  changing  business  environment. 

When  you're  ready  for  an  authorization  solution,  you  need  a  partner  you 
can  trust.  More  than  8,000  organizations  already  trust  RSA  Security  to 
deliver  e-security  solutions.  RSA  ClearTrust®  is  our  privilege  management 
and  user  access  solution  that  can  meet  your  authorization  needs.  To 
learn  more,  contact  RSA  Security,  the  most  trusted  name  in  e-security, 
at  800-495-1095  or  www.rsasecurity.com/go/cleartrust. 
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Information  security  lapses  present 
one  front  of  a  looming  courtroom  battle 
(read  “See  You  in  Court,”  Page  62). 

Legal  Expert  Arthur  Miller  says  CIOs  and 
corporate  America  also  have  to  protect 
people’s  privacy— or  risk  a  jury’s  wrath. 

BY  ALISON  BASS 


AS  AMERICA  GIRDS  AGAINST  TERRORISM,  FEDERAL  PRIVACY  REGULATIONS  THAT  RESTRICT  THE 

exchange  of  data  online  will  probably  take  a  back  seat  to  law  enforcement’s  need  to  know. 
But  that  doesn’t  let  corporate  America  off  the  hook  when  it  comes  to  protecting  the  privacy 
of  consumers.  Harvard  Law  Professor  Arthur  Miller,  the  former  host  of  the  TV  show  Miller’s 
Court  and  one  of  the  country’s  best  legal  minds,  says  corporate  executives  should  be  espe¬ 
cially  concerned  about  protecting  their  companies  and  themselves  from  class  action  law¬ 
suits  stemming  from  the  intrusive  use  of  personal  data  gathered  online.  And  if  that’s  not 
enough  to  scare  any  right-thinking  CIO,  Miller — a  longtime  expert  on  the  impact  of  tech¬ 
nology  on  privacy  and  author  of  one  of  the  first  books  on  the  subject,  The  Assault  on  Privacy: 
Computers,  Data  Banks  and  Dossiers  (University  of  Michigan  Press,  1971) — has  himself 
become  involved  in  several  of  these  high-profile  cases. 

In  a  recent  interview  in  his  cluttered  book-lined  office  at  Harvard,  the  courtly  looking 
Bruce  Bromley,  professor  of  law,  expounded  on  the  principles  behind  these  lawsuits  and 
discussed  the  line  corporations  should  be  careful  not  to  cross  when  collecting  and  using 
their  employees’  and  customers’  personal  information. 
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CIO:  You've  been  writing  about  privacy 
issues  for  the  past  30  years.  How  has  the 
Internet  changed  the  tenor  of  the  debate? 

MILLER:  Before  the  computer  came  along, 
the  greatest  privacy  protector  was  that  you 
could  never  find  anything.  The  safest  place 
in  the  world  was  a  manila  folder  in  some 
file  drawer.  I  certainly  can’t  find  things  in 
my  files.  [He  laughs  and  gestures  helplessly 
around  his  office,  where  stacks  of  papers 
cover  every  available  surface.]  The  com¬ 
puter  has  changed  that  calculus.  Now  you 
have  the  ability  to  record  everything,  and 
you  get  a  mentality  that  it’s  important  to 
record  everything.  And  the  Internet  allows 
direct  marketers  to  come  into  people’s 
homes  and  offices  and  buy  privacy.  It  has 
changed  the  scale  of  [intrusiveness]  to  a 
degree  we  could  never  contemplate  before. 

But  the  industry  pollsters  say  that 
Americans  don’t  really  care  about  privacy 
in  this  new  age.  After  all,  con¬ 
sumers  keep  giving  websites 
personal  information  in  order  to  do 
business  online,  so  how  much  do 
they  really  care  about  privacy? 

I  think  it  depends  on  how  you 
phrase  the  question.  If  you  put  the 
issue  of  privacy  in  terms  of  civil 
liberties  or  medical  records,  you  get 
very  strong  pro-privacy  reactions. 
But  if  you  put  it  in  terms  of 
accessed  goodies,  then  it  becomes  a 
trade-off,  which  leads  one  to 
believe  that  Americans  care  less 
about  privacy  in  the  commercial  context 
than  they  do  in  the  medical  or  employment 
context.  And  it’s  clear  that  in  certain 
environments,  Americans  are  willing  to  sell 
their  privacy.  Give  them  a  freebie  online 
and  they’ll  give  you  some  of  their  privacy. 

Which  is  the  greater  threat:  hackers  who 
are  looking  to  steal  data  or  the  sale  of 
private  information  to  third  parties? 

In  terms  of  dimension,  the  bigger  problem 
is  the  free  movement  of  personal  informa¬ 
tion  in  the  economic  system.  Yes,  there  are 
hackers  out  there,  and  you  have  to  protect 
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your  systems  against  them,  but  I  don’t 
think  they  pose  the  privacy  threat  that  the 
self-interest  of  an  entity  to  sell  or  exploit 
data  possesses.  Information  is  so  valuable, 
and  circumstances  are  so  unpredictable. 
Look  at  all  those  dotcoms  that  have  folded 
up;  their  only  asset  is  their  customer  base, 
so  they  have  every  incentive  to  sell  that. 

And  there’s  a  lot  of  stuff  going  on  out  there 
that’s  on  the  fringe  of  being  very,  very 
intrusive.  Like  the  rampant,  uncontrolled 
use  of  cookies  that  give  corporations 
information  about  your  susceptibilities. 

Even  beyond  cookies,  many  corporations 
invest  tremendous  resources  in  CRM 
systems  that  capture  personal  data  and  use 
it  to  target  customers  more  effectively— for 
example,  by  segmenting  them  into  high- 
and  low-value  customer  groups  and  then 
treating  them  accordingly.  Do  people 
recognize  the  extent  to  which  their  per¬ 
sonal  information  is  being  used  in  this  way? 
I  don’t  think  Americans  understand  that 
someone  is  capturing  data  on  them  every 
time  they  do  something,  whether  they  buy 


something  on  Amazon.com  or  use  the  Net 
to  book  an  airline  seat.  And  when  people 
are  affected  by  this,  they  don’t  even  know 
it.  I  mean,  say  you  get  turned  down  for 
credit.  How  often  can  you  figure  out  why 
you’ve  been  turned  down  for  credit? 

I  don’t  mind  if  people  sell  their  privacy. 
You  can  sell  anything  you  want  in  this 
country  except  your  children.  But  what 
disturbs  me  is  that  individuals  are  not 
sufficiently  informed  to  make  intelligent 
choices.  You  know,  way  back  in  the  early 
days  of  this  business,  at  least  Reader’s 
Digest  gave  you  a  choice.  The  magazine 


would  say,  “Look,  we’d  like  to  put  you  on 
a  [subscriber]  list  and  sell  it,  but  if  you  tell 
us  no,  we’ll  take  you  off  the  list.”  Now 
consumers  don’t  often  get  that  choice.  And 
they  don’t  know  what  the  consequences  of 
opting  out  are.  You  don’t  know  if  you  go 
on  a  special  list  of  opt-outs  and  then  get 
treated  as  a  shabby  customer.  It’s  one  thing 
to  say,  “Well,  if  you  opt  out,  I’m  not  going 
to  put  banners  on  your  screen.”  It’s  another 
thing  to  say,  “I’m  going  to  sell  your  name 
or  treat  you  like  a  second-class  citizen.” 

[For  example,  by  putting  you  on  hold  for 
longer  than  customers  who  have  opted  in, 
or  not  giving  you  the  same  discounts  that 
might  be  afforded  a  more  cooperative 
customer.] 

What's  the  downside,  if  any,  of  not  telling 
your  customers  what  you're  planning  to  do 
with  their  information? 

We’ve  already  seen  a  wave  of  litigation 
around  the  cookie  business.  Privacy  buffs 
have  gone  after  Doubleclick  [a  New  York 
City-based  company  that  tracks  consumer 
preferences  for  advertisers]  in  several 


lawsuits.  What  some  people  argue  is  that 
collecting  information  in  this  way  is  no 
different  from  wiretapping  or  eavesdrop¬ 
ping.  It’s  an  intrusion,  and  it  goes  to  the 
complete  absence  of  consent.  Unfor¬ 
tunately,  the  federal  statutes  are  so  primi¬ 
tive — they  were  enacted  at  a  time  before 
cookies  were  understood — that  a  lot  of 
courts  are  going  to  have  difficulty  applying 
the  laws  to  prevent  this  kind  of  privacy 
intrusion. 

However,  to  make  the  Web  work  eco¬ 
nomically,  companies  will  have  to  provide 
some  security  and  confidentiality  to  their 


customers.  Then  again,  privacy  may  get 
indirect  help  from  people’s  mercenary 
instincts.  Retailers  will  realize  that  you  won’t 
come  on  the  Web  if  you  think  somebody’s 
going  to  steal  your  credit  card  number. 

The  invasions  of  privacy  I  see  are  not 
invasions  by  Big  Brother.  They’re  not 
invasions  by  a  malevolent  government. 
They  are  invasions  that  occur  because 
people  see  an  economic  motivation  to 
capturing  personal  data,  and  they  want  to 
market  something.  The  question  is,  Have 
you  given  people  a  choice  to  be  part  of  that 
marketing  scheme  or  not? 

Which  method  do  you  think  is  more 
effective  in  protecting  privacy,  the  opt-in 
one  that  Europe  has  or  the  opt-out  method 
that  most  U.S.  companies  employ? 

Opt-in  is  a  little  tough.  If  you  go  to  an 
opt-in  system,  you  could  do  serious  dam¬ 
age  to  the  economic  vitality  of  marketing, 
and  that’s  not  something  I  want  to  achieve. 
Opt-out  is  less  dangerous  from  that  per¬ 
spective,  but  maybe  it  has  to  be  reinforced 
by  full  information  as  to  what  you’re 

opting  out  of  or  why  you 
might  want  to  think  twice 
about  opting  out.  A  number 
of  countries  in  western 
Europe  do  something  we 
haven’t  done  yet  and  that  is 
they  have  a  privacy  ombuds¬ 
man — a  civil  servant  whose 
job  is  to  represent  the  people 
in  their  dealings  with  corpo¬ 
rations  and  government  agencies.  Just  to 
make  sure  people  are  dealt  with  fairly. 

Will  privacy  concerns  be  a  major  stumbling 
block  for  e-commerce  and  the  exchange  of 
data  online?  If  so,  what  can  be  done  to 
forestall  that? 

It  depends  on  how  upset  people  get.  All 
you  need  is  one  horror  story,  one  anecdote 
that  creates  a  widespread  loss  of  confi¬ 
dence.  And  that  would  have  serious  eco¬ 
nomic  consequences.  That  would  sour 
online  commerce  for  a  lot  of  people.  A  lot 
of  dotcoms  [including  AmeriCounsel.com, 


“There  are  hackers  out  there,  and  you  have  to  protect 
your  systems  against  them,  but  they  don’t  pose  the 
privacy  threat  that  the  self-interest  of  an  entity  to 
sell  or  exploit  the  data  possesses.” 
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Taking  cost  out  of  your  business, 
re  important  today  than  ever  before 


support  and  service  network  that  has 
companies  like  yours  putting  Brother 
laser  printer  solutions  at  the  top  of  their 
requisition  lists. 

Brother's  Commercial  Division  welcomes 
the  opportunity  to  put  our  resources  to 
work  for  you.  Contact  us  today  so  we 
can  show  you  how  we  can  positively 
impact  your  bottom  line  while  enhancing 
your  performance. 

For  more  information,  call  1-866-455-7713,  ext.  905 
_  _  _  At  your  side. 


That's  why  Brother's  Commercial  Division 
is  committed  to  providing  superior  and 
reliable  business  printers  that  increase 
productivity  while  reducing  costs.  This 
enables  businesses  like  yours  to  more 
effectively  address  critical  organizational 
goals  and  challenges. 

But  it  is  our  product  reliability  coupled 
with  a  responsive  nationwide 
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a  venture  Miller  was  involved  in]  failed 
because  of  the  basic  difficulty  of  getting 
people  to  readjust  their  thinking.  When 
they  think  of  legal  assistance,  for  example, 
many  people  want  to  sit  down  with  some¬ 
one  they  trust;  they  want  a  face  behind  the 
advice.  But  much  of  law  as  it  affects  the 
ordinary  person  is  cookie-cutter  stuff,  like 
advice  about  wills  or  buying  a  home,  and 
you  don’t  really  need  a  face  to  do  certain 
typical  things.  AmeriCounsel.com  was 
designed  to  provide  that  kind  of  low  cost 
and  stereotypical  legal  counsel.  But  people 
couldn’t  get  used  to  the  idea  of  giving  up 
that  kind  of  information  online.  I  think 
eventually  Americans  will  get  used  to  it, 
particularly  if  their  privacy  is  protected. 

What  kind  of  legal  consequences  should 
CIOs  be  concerned  about  as  they  build 


systems  that  capture  personal  data? 

Every  employer  is  required  by  law  to 
provide  a  safe  workplace  for  its  employees, 
and  that  extends  to  a  safe  informational 
workplace.  Similarly,  a  company  and  its 
CIO  have  to  be  concerned  about  a  safe 
informational  environment  for  their  cus¬ 
tomers  because  if  calamity  strikes  and  there 
were  things  you  could  have  done  but  didn’t, 
some  jury  somewhere  is  going  to  smack  you 
across  the  snout  with  a  two-by-four. 

Suppose,  for  example,  that  you’re 
collecting  medical  data  and  your  system  is 
not  up  to  standard.  If  there  are  security 
precautions  you’re  not  using  and  somebody 
hacks  in,  and  Joe  Smith  gets  hurt  because 
his  wife  finds  out  he  has  AIDS  or  some¬ 
body  engages  in  identity  theft,  your  infor¬ 
mation  system  has  some  legal  problems. 
Sometimes  we  have  to  protect  people  by 


pointing  the  gun  at  others.  And  that  gun  is 
legal  liability.  Juries  have  shown  themselves 
capable  of  getting  extremely  angry  when 
people  are  not  protected  and  they  could 
have  been  protected. 

Does  that  liability  extend  to  one  company 
sharing  customer  data  with  another 
company? 

Yes.  I  recently  argued  a  case  before  the 
Supreme  Judicial  Court  of  Massachusetts 
involving  the  national  drugstore  chain 
CVS.  It  was  giving  identifiable  prescription 
information  to  drug  companies,  and 
someone  brought  a  class  action  suit.  The 
question  I  argued  before  the  court  was 
whether  this  was  a  proper  class  action.  The 
court  said  yes,  that  a  class  action  could  be 
brought  against  CVS  on  the  theory  that 
CVS  had  violated  the  relationship  between 


pharmacist  and  customer  by  providing 
identifiable  information.  CVS  has  since 
settled  the  case,  and  they’re  not  doing  it 
anymore.  The  question  now  is  whether  the 
drug  companies  who  got  the  information 
will  be  held  liable. 

It’s  like  the  Doubleclick  litigation.  These 
lawsuits  are  designed  to  get  companies  to 
improve  their  practices. 

But  it's  not  clear  how  effective  these  suits 
will  be,  given  the  existing  statutes.  Are 
federal  regulations  that  deal  with  cookies 
and  other  privacy  issues  inevitable? 

Most  of  the  privacy  legislation  that  does 
exist  was  the  product  of  a  Democratic 
Congress  in  the  1960s  and  ’70s.  With  the 
current  Congress,  I  think  passing  such 
legislation  will  be  an  uphill  battle — even 
more  so  in  light  of  the  recent  terrorist 
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attacks.  There’s  no  question  there  will  be 
increased  pressure  to  overturn  privacy 
guarantees  in  the  wake  of  Sept.  11.  Still, 
privacy  doesn’t  necessarily  fall  on  that 
liberal  and  conservative  line;  there  are  a  lot 
of  very  conservative  forces  that  are  pro¬ 
privacy  and  vice  versa. 

I’m  big  on  medical  privacy,  so  that’s  an 
area  where  I  think  regulations  are  neces¬ 
sary.  In  addition,  some  thought  should  be 
given  to  employee  privacy.  I  think  employ¬ 
ees  are  entitled  to  a  certain  amount  of  pri¬ 
vacy.  Some  states  already  have  legislation 
around  this;  others  don’t.  So  it  may  be  nec¬ 
essary  to  have  some 
federal  legislation  to 
protect  employees  in 
the  workplace.  That 
doesn’t  mean  everyone 
has  the  statutory  right 
to  e-mail  anything 
they  want,  but  you 
have  to  make  clear  to 
people  what  their  vul¬ 
nerabilities  are,  that  they  are  being  moni¬ 
tored  constantly.  Most  major  employers  do 
that  now,  and  I  think  they  understand  there 
is  a  legal  risk  if  you  don’t  inform  your  em¬ 
ployees  about  what’s  going  on. 

What  about  gathering  data  for  e-commerce 
purposes?  Will  Congress  intervene  there? 

As  I  said  before,  all  you  need  is  one  nasty 
event  to  foul  the  water.  I  think  a  lot  of 
companies  exercising  goodwill  and  com¬ 
mon  sense  will  make  good  decisions.  But 
they  will  be  tarnished,  unfortunately,  by  the 
bad  apples,  by  the  people  who  try  to  sell 
data  when  they  shouldn’t.  And  it’s  a  sad 
fact  of  life  that  we  very  often  make  policy 
in  this  country  by  anecdote.  It’s  the  squeaky 
wheel  effect.  HH 


E-mail  Senior  Editor  Alison  Bass  at  abass@cio.com. 


“A  CIO  has  to  be  concerned  about  a  safe  informational 
environment  for  customers,  because  if  calamity  strikes 
and  there  were  things  you  could  have  done  but  didn’t,  a 
jury  will  smack  you  across  the  snout  with  a  two-by-four." 
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MSK 

Say  They’ll  Do  It 
AH  ForYou 

A  MANAGEMENT  SERVICE  PROVIDER  (MSP)  IS 
a  vendor  that  remotely  manages  and  monitors  enterprise 
applications — anything  from  ERP,  CRM  or  firewalls  to 
proprietary  e-business  applications — or  network  infrastructure. 
These  vendors  make  their  money  by  charging  businesses  on  a 
subscription  basis — per  device,  servers,  PCs  and  so  on. 

MSPs  claim  to  be  an  improvement  over  the  ASP  model  because  they  permit 
companies  to  outsource  the  maintenance  of  their  applications — making  sure  they’re 
up  and  running,  providing  fixes  when  they’re 
not — without  outsourcing  the  applications 
themselves,  thus  providing  a  relatively  cheap,  Reader  ROI 

easy  and  unobtrusive  way  for  a  company  to  ►  See  how  management 

prevent  outages  and  malfunctions.  Meanwhile,  service  providers 

because  MSPs  provide  24/7  monitoring,  compa-  developed 

nies  don’t  have  to  worry  about  staffing  up  to  ►  Determine  if  MSPs  are 

handle  that  nonrevenue-producing  task.  And  right  for  you 

if  the  MSP  suddenly  shuts  its  doors,  as  has  ►  Read  tips  on  working 

happened  all  too  often  in  the  ASP  world  (and  with  an  MSP 


Hard  on  the  heels 
of  the  ASP  comes  the 
latest  outsourcing 
model:  the  MSP, 
or  managed  service 
provider.  They  say 
they’re  the  answer  to 
your  prayers.  Let’s 
take  a  closer  look. 

BY  ERIC  BERKMAN 
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OurHouse.com  CTO 
Tim  Britt  hired  an  MSP 
to  manage  his  site  s 
applications.  Now,  he 
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IT  Outsourcing 


There  are  an  estimated  200-odd 

MSPs  right  now,  and  there  are  simply  not 
enough  customers  to  keep  them  all  afloat. 


recently  in  the  MSP  world  too),  the  busi¬ 
ness  can  continue  because  it  still  has  its 
applications. 

“MSPs  are  a  little  easier  to  stomach  [than 
ASPs],”  says  Corey  Ferengul,  an  analyst 
who  covers  IT  services  outsourcing  for  Meta 
Group  in  Stamford,  Conn.  “You  can  tell 
yourself,  ‘Oh,  I’m  just  having  someone  mon¬ 
itor  my  applications.’  That’s  not  nearly  as 
intrusive  to  an  organization  as  having  some¬ 
one  take  over  your  applications.” 

That  sounds  good,  but  if  you’re  thinking 
about  using  an  MSP  to  take  some  of  the 
load  off  IT,  you  should  be  aware  of  some 
potential  problems. 

First,  many  MSPs  are  no  more  stable  than 
the  ASPs  were  (see  “Boy,  That  Was  Fast,” 
Nov.  15, 2000),  and  that’s  saying  something. 
According  to  Giga  Information  Group  ASP 
Analyst  David  Friedlander,  a  year  ago  there 
were  an  estimated  300  ASPs.  Today,  about 
50  of  them  have  gone  out  of  business  and 
another  100  have  changed  their  business 
models  so  radically  that  they  can  no  longer 
be  considered  ASPs.  By  comparison,  there 
are  an  estimated  200-odd  MSPs  right  now, 
and  according  to  Ferengul  there  are  simply 
not  enough  customers  to  keep  them  all 
afloat.  In  fact,  several — including  i-Sharp, 


ManagelT  and  Intira — have  already  folded. 

Also,  not  all  MSPs  are  alike.  Some  aren’t 
as  scalable  as  others,  which  at  a  critical  time 
might  leave  a  company  waiting  in  line  for 
service  as  the  MSP  takes  on  new  customers. 
And  certain  MSPs  are  limited  in  the  plat¬ 
forms  they  support,  which  means  that  if  a 
shop  runs  a  variety  of  platforms  and  tech¬ 
nologies,  it  may  have  to  contract  with  a 
number  of  MSPs  to  meet  its  various  needs. 

Finally,  the  MSP  market  is  in  its  very  early 
stages,  which  means  that  pricing  could  be 
unstable  during  the  next  year  or  two  as  the 
market  matures. 

But  all  this  shouldn’t  necessarily  stop  you 
from  considering  the  MSP  option,  especially 
given  the  current  economy.  As  Stan  Schatt, 
a  vice  president  in  charge  of  the  networking 
and  communications  group  at  Cambridge, 
Mass. -based  Giga  Information  Group, 
points  out,  a  lot  of  companies  are  in  hiring 


freezes  right  now.  In  this  climate,  outsourc¬ 
ing  IT  monitoring  and  management  can  be  a 
good  solution,  at  least  for  the  short  term. 

Voices  of  Experience 

The  MSP  name  describes  several  kinds  of 
players,  including  pure  play — what  analysts 
call  the  most  basic  MSP  model.  It  manages 
and  monitors  its  customers’  applications  and 
networks,  and  that’s  all. 

Other  types  of  MSPs  include  Santa  Clara, 
Calif.-based  Exodus  and  Beltsville,  Md.- 
based  Digex,  both  large  colocation  and 
hosting  companies.  As  opposed  to  pure 
plays,  which  offer  monitoring  as  their  core 
product,  companies  such  as  Exodus  and 
Digex  specialize  in  providing  the  space  and 
hardware  needed  to  physically  house  and 
power  infrastructures — offering  monitoring 
and  management  as  a  secondary  product. 

Management  service  providers  offering 
those  types  of  services  have  been  facing 
falling  revenues  because  of  the  dotcom  crash 
and  the  consequent  softening  of  the  coloca¬ 
tion  and  hosting  markets,  and  are  adding 
management  services  such  as  application  and 
network  monitoring  to  try  to  expand  their 
businesses.  Some  of  these  companies  don’t 
have  in-house  MSP  expertise;  instead  they’re 
partnering  with  pure  plays,  such  as  Rancho 
Santa  Margarita,  Calif.-based  SiteLite  and 
Chantilly,  Va. -based  SevenSpace,  and  re¬ 
branding  these  services  to  their  customers  as 
add-ons  to  what  they  already  provide.  Mean¬ 
while,  some  MSPs — such  as  San  Francisco- 
based  Totality  and  Bedford,  Mass. -based 
InteQ — are  closer  to  pure  plays,  but  they  can 
also  rent  infrastructures  such  as  servers,  net¬ 
works  and  hosting  services. 

But  all  management  service  providers,  no 
matter  what  their  model,  make  the  same 
sales  pitch:  They  can  do  a  critical  job  better 


The  Inevitability  of  the  MSP 

As  hardware  and  software  costs  go  down ,  the  cost  of  people 
and  time  go  up 

THE  EMERGENCE  OF  MSPs  is  a  predictable  macroeconomic  development,  says 
Kraft  Foods  Senior  Vice  President  and  CIO  Steve  Finnerty,  a  30-year  IT  veteran. 
Companies  outsource  whatever  is  most  costly  to  them  at  the  time. 

In  the  1970s,  Finnerty  relates,  hardware  was  expensive.  So  companies  engaged 
in  hardware  time-share  agreements,  a  precursor  to  outsourcing. 

By  the  1990s,  software  had  become  a  huge  cost  center.  Hence  the  rise  of  ASPs. 
Now,  it’s  people  that  are  costly.  Companies  can’t  afford  to  maintain  huge  IT  staffs, 
which  is  where  MSPs  come  in,  replacing  the  people  you’d  need  to  watch  every  server, 
router  and  box  around  the  clock,  making  sure  your  applications  or  network  don’t 
go  down. 

“To  me  the  [outsourcing]  pendulum  is  following  economics,”  Finnerty  says.  “That’s 
the  historical  perspective  I  see.  Moving  from  hardware  to  software  to  the  people 
aspect  of  managing  business  processes.”  -E.B. 
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100%  of  your  disk  capacity  is  now  usable 
for  storage.  We  call  this  revolutionary  idea 
getting  what  you  pay  for. 
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R.R.  Donnelly  &  Sons 
Senior  Director  of  IT 
Operations  Rich 
Guetzloff  has  seen 
outages  decline 
since  engaging  an 
MSP  to  monitor 
his  firewall. 


and  more  cheaply  than  you  can.  Totality 
customer  Tim  Britt,  CTO  of  OurHouse.com 
in  Evanston,  Ill.,  ACE  Hardware’s  exclusive 
Internet  distribution  channel,  seconds  that 
notion.  Until  last  April,  Britt  managed  and 
monitored  the  company’s  applications  in- 
house.  “In  order  for  things  to  work 
smoothly,  we  needed  people  to  be  on  call  24 
hours  a  day,”  Britt  says,  pointing  out  that 
one  experienced  database  administrator  was 
getting  called  about  three  nights  a  week  to 
deal  with  outages. 

Now  that  Totality  monitors  and  manages 
the  site’s  applications,  Britt  says  the  night 
calls  have  ceased.  “Now  [our  internal  IT 


staff]  can  focus  on  things  that  enable  devel¬ 
opment  of  new  features  and  allow  us  to 
improve  our  business.” 

Management  service  providers  claim  that 
their  monitoring  tools  enable  them  to  detect 
potential  outages  long  before  an  internal  IT 
staff  could,  OurHouse.com,  for  example, 
gets  a  nightly  feed  from  ACE  with  the  SKU 
numbers  of  all  the  ACE  products  that 
OurHouse.com  is  supposed  to  put  up  on  the 
site — usually  about  30,000  items.  The  feed 
contains  information  about  new  products 
and  which  items  are  out  of  stock. 

Before  Totality  began  monitoring  Our- 
House.com,  the  site  failed  to  accept  the  feed 


at  least  once  a  week,  and  Britt  wouldn’t 
know  about  it  until  the  next  morning.  This 
caused  huge  difficulties.  If  100  people  or¬ 
dered  a  hammer  that  should  have  been  listed 
as  out  of  stock,  for  example,  the  company 
would  have  to  call  100  annoyed  customers. 
Now  Totality  sees  that  a  feed  didn’t  come 
through,  takes  a  prescribed  set  of  actions  and 
in  most  cases  gets  the  process  to  work  with¬ 
out  Britt  getting  involved.  “The  fact  that  they 
can  catch  it  and  deal  with  it  before  customers 
place  a  bunch  of  orders  probably  saves  us  a 
good  10  hours  of  dealing  with  customer- 
service  problems,”  says  Britt. 

Rich  Guetzloff,  senior  director  of  IT  oper- 
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Your  storage.  Your  staff.  Even  your  budget.  With  SANsymphony™  software  from  DataCore.  SANsymphony  virtualizes  storage,  making  it  much 
easier  for  your  staff  to  manage.  And  that  will  make  your  staff  much  easier  for  you  to  manage.  As  for  your  budget,  our  free  ROi/TCO  white  paper 
will  show  you  how  quickly  SANsymphony  can  pay  for  itself.  Check  it  out  at  www.datacore.com/control.  All  of  your  decisions  should  be  this  easy. 
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arions  at  R.R.  Donnelly  &  Sons,  a  $5  bil¬ 
lion  Chicago-based  printing  company,  uses 
MSP  Rolling  Meadows,  Ill. -based  Telenisus 
to  monitor  his  Checkpoint  firewall.  Before 
signing  on  with  Telenisus  a  year  ago,  Don¬ 
nelly  experienced  regular  outages,  including 
one  that  lasted  for  more  than  24  hours.  But 
since  Telenisus  began  monitoring,  Don¬ 
nelly’s  longest  outage  has  been  four  hours. 
“It  would  take  us  at  least  twice  as  long  as 
them  to  figure  things  out  each  time,” 
Guetzloff  says.  “And  I  had  one  guy  doing 
the  job.  And  if  he  was  on  vacation,  we’d 
be  struggling  with  the  second-most  know¬ 


ledgeable  guy  trying  to  figure  things  out.” 

Despite  these  positive  reviews,  most  cus¬ 
tomers  who  spoke  with  CIO  are  more  com¬ 
fortable  having  MSPs  manage  their  net¬ 
works,  not  their  applications.  Craig  Allen, 
CIO  of  Meritage,  an  $800  million  manufac¬ 
turing-services  company  in  Santa  Fe  Springs, 
Calif.,  uses  NetSolve  to  manage  a  WAN  that 
connects  all  29  companies  under  Meritage ’s 
umbrella.  He  says  the  Austin,  Texas-based 
NetSolve  has  been  great  at  detecting  and 
addressing  network  outages,  but  that’s  as 
far  as  he  wants  to  go  at  this  point.  Allen  feels 
that  applications  simply  cut  too  close  to  the 


Before  signing 
— ‘th  an  MSP, 
fFInet  CIO 
Russ  Lewis 
its  to  know 
ow  it  plans 
o  help  him 
ansition  to 
another 
provider, 
should  the 
first  MSP 
go  under. 


company’s  core  competencies,  and  no  MSP 
can  understand  his  business  well  enough  to 
handle  them.  “MSPs  are  fine  for  networks, 
but  applications  are  living,”  he  says.  “They 
change  to  fit  our  environment,  and  we  mod¬ 
ify  them  on  a  day-to-day  basis.  And  the 
more  difficult  the  application,  the  tougher 
it  becomes  to  outsource.” 

There  are  other  troubling  issues  with 
MSPs.  Several  pure  plays — such  as  I-Sharp 
(R.I.P.  spring  2001)  and  ManagelT  (also 
R.I.P.  spring  2001) — have  already  gone  out 
of  business.  This  instability  in  the  MSP  space 
contributes  to  unstable  pricing;  the  monthly 
per-server  cost  of  MSP  services  can  fluctu¬ 
ate  anywhere  from  50  bucks  to  several  hun¬ 
dred  dollars  a  month  without  any  real  logic, 
says  Giga’s  Schatt.  Plus,  if  it’s  your  MSP  that 
goes  bust,  get  ready  for  headaches. 

David  Cooper,  director  of  field  informa¬ 
tion  services  and  technology  for  Wickes,  a 
$1  billion  Vernon  Hills,  Ill.-based  lumber  and 
building  supply  retailer,  was  using  Comdisco, 
an  equipment-leasing  company  that  offered 
MSP  services,  to  monitor  the  AT&T  frame- 
relay  network  that  connects  Wickes’  115 
stores.  When  Comdisco  announced  this 
spring  that  it  was  leaving  the  MSP  space  (the 
company  subsequently  filed  for  Chapter  1 1  in 
July),  it  gave  Cooper  about  90  days  to  find  a 
replacement  before  it  pulled  the  plug  on  its 
monitoring  services.  And  it  took  Cooper  the 
whole  90  days  to  research  all  potential  part¬ 
ners.  He  eventually  settled  on  NetSolve  but 
found  the  entire  experience  upsetting.  “It’s 
kind  of  like  getting  married  and  before  the 
honeymoon  is  over,  your  spouse  says,  ‘Go 
find  someone  else.’” 

Nevertheless,  Cooper  plans  to  stick  with 
MSPs.  Considering  the  money  he’s  not 
spending  on  staffing  for  monitoring,  plus  the 
money  he’s  generating  by  having  his  staff 
focus  on  revenue-generating  activities  like 
applications  development,  he  estimates  that 
Wickes  is  saving  $10,000  a  month  by  going 
with  an  MSP. 

Of  course,  not  all  MSPs  provide  the  top¬ 
flight  service  Britt  and  Guetzloff  report. 
Larry  Anderson,  director  of  IS  operations 
and  technology  for  Cost  Plus  World  Market, 
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a  specialty  retailer  in  Oakland,  Calif.,  was 
also  using  Comdisco  to  manage  his  WAN-a 
frame-relay  network  connecting  approxi¬ 
mately  150  retail  stores,  corporate  head¬ 
quarters  and  a  main  distribution  center.  He 
says  his  own  IT  people  would  detect  prob¬ 
lems  before  his  MSP  did. 

“We’d  notice  that  a  circuit  wouldn’t  be 
connecting  to  a  particular  store,  and  we’d 
check  the  Comdisco  logs  and  see  that  they 
hadn’t  noticed  the  problem,”  Anderson 
recalls.  “They’d  only  notice  when  we  con¬ 
tacted  them.  Obviously,  that  defeats  the  pur¬ 
pose  of  having  an  MSP.” 

How  to  Make  an 
MSP  Work  for  You 

Anytime  you’re  dealing  with  a  market  as 
new  as  the  MSP,  it’s  difficult  to  be  sure  about 
what  service  you’ll  end  up  getting.  To  pro¬ 
tect  yourself,  there  are  certain  things  you 
should  do  when  vetting  candidates. 

■  NEGOTIATE  AN  EXIT  STRATEGY.  If  your 
MSP  goes  bust,  it  can  be  a  headache  to  find 
a  replacement  because  you’re  not  only  los¬ 
ing  time  and  labor,  you’re  losing  people  who 
know  your  network  and  your  apps.  Those 
can’t  be  replaced;  they  have  to  be  rebuilt. 


“You  have  people  familiar  with  the  care, 
feeding  and  idiosyncrasies  of  your  applica¬ 
tions  and  how  to  fix  them,”  says  Russ  Lewis, 
executive  vice  president  and  CIO  of  GFInet, 
the  online  arm  of  New  York  City-based 
financial  services  company  GFI.  Lewis  is 
concerned  about  avoiding  that  particular 
pain.  Lewis  uses  White  Plains,  N.Y.-based 
Metromedia  Fiber  Network  (MFN)  to  man¬ 
age  his  ERP  system  and  Web  applications. 
He  says  employing  MFN  saves  his  company 


cio.com _ 

For  more  information  on  IT  outsourcing 
visit  our  OUTSOURCING  RESEARCH 
CENTER  at  www.cio.com/outsourcing. 


$1.6  million  a  year.  The  worst-case  scenario, 
he  says,  occurs  if  the  MSP  is  also  providing 
hosting  or  colocation  services — as  it  does  for 
GFInet.  In  that  case,  “[the  MSP  people]  shut 
their  doors,  you  can’t  get  at  your  hardware, 
and  your  customers  are  connected  to  them 
via  their  network,”  he  says.  “You’d  have  to 
reroute  your  traffic,  take  out  your  applica¬ 
tions,  put  them  on  new  hardware,  and  get  it 
all  up  and  running.” 

Consequently,  when  Lewis  evaluates  an 
MSP,  he’s  as  interested  in  how  it  will  transi¬ 
tion  his  company  away  from  its  services  as 
to  its  services.  He  looks  to  see  that  the  MSP 
will  document  the  sendees  it  has  performed 
so  that  he  has  something  to  give  either  the 
new  MSP  or  people  he  has  assigned  inter¬ 
nally  to  monitor  his  apps.  Lewis  also  wants 
to  be  sure  that  it  keeps  a  full  inventory  of 
hardware  and  routers  so  that  those  succes¬ 
sors  know  what  they’re  working  with.  And 
to  help  move  his  business  to  a  new  MSP,  he 
demands  an  articulated  process  with  pro¬ 


visions  for  a  gap  analysis — in  which  the  MSP 
examines  the  differences  between  its  own 
monitoring  tools  and  those  of  its  successor. 

■  GET  REFERENCES.  There’s  no  better  indi¬ 
cator  of  how  an  MSP  will  handle  your 
business  than  how  it  handles  others’.  But  dif¬ 
ferent  customers  have  different  views  on 
what  to  look  for.  Guetzloff  of  R.R.  Donnelly 
looks  for  big  Fortune  500  customers 
because,  he  figures,  if  the  MSP  can  handle 


those  companies’  monitoring,  they  can 
certainly  handle  his.  “I  especially  look  for 
telecommunications  companies  because 
telecom  is  highly  regulated  and  [they]  can 
face  penalties”  from  the  FCC  for  failing  to 
provide  certain  levels  of  service,  he  says. 

But  Dennis  Upton,  CIO  of  business-equip¬ 
ment  manufacturer  Brother  International  in 
Bridgewater,  N.J.,  looks  for  recommenda¬ 
tions  from  midsize  customers,  where  the 
MSP  is  likely  to  be  the  sole  provider  of  serv¬ 
ices.  Upton,  who  uses  Alpharetta,  Ga.-based 
Seventh  Wave  Technology  to  monitor  his  SAP 
system,  believes  that  a  recommendation  from 
a  customer  dependent  on  the  MSP  is  more 
significant  than  one  from  “the  GMs  and  the 
Citibanks;  they  probably  have  50  firms 
working  there  in  one  way  or  another.” 

■  LOOK  FOR  STANDARDIZED  PROCESSES. 

A  lot  of  MSPs  are  very  new  and  immature, 
and  you  want  to  make  sure  they’ve  really 
established  how  they  operate,  says  Meta 
Group’s  Ferengul.  For  example,  if  you  ask 
what  they  do  for  server  maintenance  or  what 
they  do  when  you  need  a  patch  applied,  and 
they  respond,  “What  do  you  want  us  to  do?” 
it  means  they  don’t  have  standard  operating 
processes  and  you  can’t  be  sure  what  you’ll 
get  out  of  them.  Giga’s  Schatt  adds  that  these 
processes  should  be  automated.  Without 
automation,  the  MSP  won’t  be  able  to  scale 
up  and  your  company  will  be  doomed  to 
service  problems  down  the  road  as  the  MSP 
takes  on  more  and  more  customers. 

■  SIGN  ON  SHORT  TERM.  MSPs  bill  at  a 
per-device  fee  on  a  monthly  basis,  and  serv¬ 
ice  contracts  are  generally  for  one,  two  or 
three  years.  But  given  the  volatility  of  the 
MSP  space,  it’s  wise  to  get  the  shortest  con¬ 
tract  you  can,  says  Schatt.  He  adds  that 
MSPs  will  likely  not  agree  to  contracts 
shorter  than  one  year,  as  it  takes  them 
almost  that  long  to  recoup  their  setup  costs. 

■  SHOP  AROUND.  As  prices  vary  widely 
from  MSP  to  MSP,  it’s  quite  possible  to  play 
them  off  against  each  other  to  get  yourself 
the  best  deal  possible. 


If  your  MSP  goes  bust,  you’re  not 

only  losing  time  and  labor,  you’re  losing  people 
who  know  your  network  and  your  apps. 
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Wireless  is  calling. 
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She  gets  the  message  and  replies  in  real  time. 

Wireless  works.  Right  this  minute.  And  thanks  to  AT&T  Wireless,  your  business  can  become 

- radically  more  efficient.  With  services  for  a  host  of  wireless  devices, 

you  can  access  real-time  information,  Internet,  e-mail,  even 

S  DEAL  CONFIRMED  A  .• 

company  databases.  The  next  generation  of  data  communication 
is  already  here,  and  it’s  AT&T  Wireless  leading  the  way 
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YOUR  WORLD.  CLOSE  AT  HAND. 
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Requires  credit  approval,  activation  fee,  annual  contract  and  a  compatible  wireless  device.  May  not  be  available  for  purchase  or  use  in  all 
areas  See  attwireless.com  for  coverage  information.  Additional  hardware,  software  and  charges  apply  for  some  offers.  Coverage  may  vary  due  to  customer  equipment  and 
other  factors.  Due  to  coverage  limitations,  information  may  not  be  accessible  at'all  times.The  amount  and  type  of  information  available  is  software  and  device  dependent. 
Additional  terms  and  conditions  apply.  ©2001  AT&T  Wireless.  All  Rights  Reserved. 
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The  events  of  200 


If  you  would  like  more  information  about 
CIO  Perspectives:  Strategies  for  the  New  Reality, 
please  call  800  366-0246,  or  visit  our  Web  site  at: 

www.cio.com/conferences 


Strategies 


for  the 
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have  proven  that  America’s  business  and  IT  organizations  are  both 
adaptive  and  strong  —  but  vyhfere  do  we  go  from  here?  In  times  of  such  great  uncertainty,  CIOs  need  to 
come  together  to  re-ass^ss  business  and  technology  priorities,  forecast  critical  li  investments,  and  strengthen 
the  overall  organ iza) 


Conference  highlights  include: 

,1/^ 

e  Economy  —  A  Special  Report 

How  long  is  the  road  to  recovery? 

IT  in  the  Global  Arena 

What  can  we  learn  from  far-flung  IT  operations? 

New  Government  Legislation 

How  will  the  many  new  laws  impact  your  business? 


Alignment  is  Still  Important 

How  can  IT  and  business  stay  in  sync? 


IT  Outsourcing 


Ultimately,  MSPs  will  be  seeking 

midsize  customers  because  larger  companies 
have  the  resources  to  handle  their  monitoring 
and  management  in-house. 


Looking  Ahead 

Observers  of  the  MSP  space  predict  a  huge 
shakeout  during  the  next  year — a  shakeout 
that’s  already  begun  as  Comdisco  and  others 
have  fallen  by  the  wayside. 

Ferengul  points  out  that  right  now  MSPs 
are  servicing  only  about  3  percent  to  5  per¬ 
cent  of  their  potential  marketplace.  At  the 
same  time,  more  than  200  vendors  are  try¬ 
ing  to  establish  themselves.  This  means  that 
a  lot  of  management  service  providers  are 
going  to  go  out  of  business  in  the  near 
future,  and  analysts  predict  that  the  pure 
plays — which  just  monitor  applications  and 
networks — are  likely  to  be  the  first  to  go. 
Those  that  survive  will  be  the  ones  that  form 
alliances  with  huge  colocators  or  hosting 
companies,  such  as  Digex,  Exodus  and 
Verio,  rebrand  the  MSP  services  and  sell 
them  as  their  own.  Meanwhile,  traditional 
outsourcers  such  as  Accenture  and  Perot 


Systems  appear  to  be  making  a  move 
toward  the  same  market,  offering  MSP-type 
services  in  an  MSP  manner,  says  Schatt. 

Ultimately,  management  service  providers 
will  be  seeking  midsize  customers  as  their 
target  base  because  larger  companies  have 
the  resources  to  handle  their  monitoring  and 
management  in-house,  Schatt  says.  And  tra¬ 
ditional  outsourcers,  such  as  Accenture, 
CSC,  IBM  Global  Services  and  Perot 
Systems,  that  want  to  take  advantage  of  the 
MSP  market  will  have  to  devise  a  new  busi¬ 


ness  model  that’s  more  friendly  to  midmar¬ 
ket  enterprise. 

So  what  does  all  this  mean  to  the  user?  It 
means  a  lot  of  pricing  instability  in  the 
future.  So  go  on  and  consider  the  MSP — it 
can  save  you  a  lot  of  money. 

But  keep  the  Dramamine  handy.  The 
coming  year  promises  a  bumpy  ride.  HPl 


Do  you  have  any  experience  working  with  MSPs? 
Share  your  stories  with  Senior  Writer  Eric  Berkman 
at  berkman@cio.com. 


IF  AVAILABILITY  ISN'T  PART  OF 
YOUR  BUSINESS  SOLUTION, 


IT'S  PART  OF  THE  PROBLEM 


If  your  business  is  not  running  at  an 
optimal  level  of  availability  you're 
probably  losing  revenue,  customers 
and  valuable  data,  availability.com 
is  the  only  vendor-neutral  Web  site 
that  provides  all  the  information 
you  need  to  improve  and  optimize 
your  business'  availability. 


availability.com  offers  a  broad 
range  of  topics  that  will  help  you:  I 


^  RECOVER  FROM  DOWNTIME  DISASTER 


►  IMPROVE  SERVICE  LEVELS 


►  REDUCE  PLANNED  &  UNPLANNED  DOWNTIME 


Don't  spend  any  more  time  search¬ 
ing  for  downtime  solutions.  Just  visit 
availability.com  to  learn  about  any 
business  downtime  related  issue. 


►  CONDUCT  A  DOWNTIME  COST  ANALYSIS 


►  UNDERSTAND  NEW  AVAILABILITY 
BENCHMARKS  &  STANDARDS 


Part  AV3A1EP-US 


Register  at  promo.availability.com, 
key  code  c387y,  and  download  FREE 
availability  research  from  GartnerGroup 


availability i  >com 

IT  starts  here  *  ^  ^ 


Case  Files:  Marconi 

CUSTOMER  FOCUS 

KNOWLEDGE  MANAGEMENT  4 

PROJECT  MANAGEMENT 
VALUE  PROPOSITION 


COMPANY  INFO 

COMPANY 

Marconi,  a  London-based  global 
telecommunications  provider 

HEADQUARTERS 

Warrendale,  Pa. 

REVENUES 

$4.5  billion 

EMPLOYEES 

45,000  worldwide 

URL 

www.marconi.com 


KM  PROBLEM 

How  can  a  company  create  a 
knowledge  management  system 
that  ensures  its  technical  support 
agents  have  the  latest,  most  accu¬ 
rate  product  information  for  trou¬ 
bleshooting  customers’  problems? 


THE  PLAYERS 

DAVE  BREIT 

Director  of  Technology  and  R&D 
for  Managed  Services 

ZEHRA  DEMIRAL 

Manager  of  Knowledge 
Management  Systems 


CASE  ANALYST 

TOM  DAVENPORT 

Director  of  the  Accenture  Institute 
for  Strategic  Change 


To  streamline  customer  service,  Marconi  employed  a  system  to 
facilitate  tech  support  knowledge  sharing.  In  the  process,  the  roles 
of  tech  agents  changed,  by  louise  fickel 


WHEN  MARCONI  WENT  on  a  shopping  spree 
and  acquired  10  telecommunications  companies 
over  a  three-year  period,  it  faced  a  serious  chal¬ 
lenge:  How  could  the  $3  billion  manufacturer  of 
telecommunications  equipment  ensure  that  its 
technical  support  agents  knew  enough  about 
newly  acquired  technology  to  provide  quick  and 
accurate  answers  to  customers  on  the  phone? 
And  how  could  Marconi  bring  new  agents  up  to 
speed  on  all  the  company’s  products? 

Marconi’s  technical  support  agents — 500 
engineers  scattered  in  14  call  centers  around  the 
globe — field  approximately  10,000  questions 
every  month  about  the  company’s  products. 
Before  the  acquisitions,  agents  had  relied  on 
Tactics  Online,  an  extranet  where  they  and  cus¬ 
tomers  could  search  for  frequently  asked  ques¬ 
tions  and  text  documents.  As  new  agents  and 
products  joined  the  company’s  ranks,  Marconi 
wanted  to  supplement  the  website  with  a  more 
comprehensive  knowledge  management  system. 


As  engineers  from  the  newly  acquired  companies 
came  on  board,  however,  they  were  hesitant 
to  share  their  knowledge  about  the  products 
they  had  been  supporting.  “They  felt  that  their 
knowledge  was  a  security  blanket  that  helped 
guarantee  their  jobs,”  says  Dave  Breit,  director 
of  technology  and  R&D  for  managed  services 
in  Warrendale,  Pa.  “With  all  of  the  acquisitions, 
it  was  essential  that  we  all  avoid  hoarding 
knowledge  and  share  it  instead.” 

At  the  same  time,  Marconi  wanted  to  stream¬ 
line  its  customer  service  organization  by  mak¬ 
ing  more  of  its  product  and  systems  information 
available  directly  to  customers  and  shortening 
the  length  of  customer  calls.  “We  wanted  to 
leverage  the  Web  for  customer  self-service  versus 
increasing  the  number  of  agents,”  Breit  says. 
“We  also  wanted  to  provide  our  frontline  engi¬ 
neers  [who  interact  directly  with  customers] 
with  more  information  more  quickly  so  that 
they  could  resolve  more  calls  faster.” 
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Building  on  a  KM  Foundation 

When  Marconi  began  evaluating  knowledge 
management  technologies  in  the  spring  of 
1998,  the  concept  of  sharing  knowledge 
among  agents  was  nothing  new.  Agents  were 
already  accustomed  to  working  in  teams  of 
three  or  four  people,  gathering  in  war  room 
fashion  to  solve  customers’  technical  issues. 
And  a  year  earlier,  Marconi  had  started  bas¬ 
ing  a  percentage  of  agents’  quarterly  bonuses 


on  the  amount  of  knowledge  they  submit¬ 
ted  to  Tactics  Online  as  well  as  their  involve¬ 
ment  with  mentoring  and  training  other 
agents.  “Each  agent  was  expected  to  teach 
two  training  classes  and  write  10  FAQs  to 
earn  their  full  bonus,”  says  Breit.  “When  we 
brought  new  companies  online,  the  new 
agents  received  the  same  bonus  plan.  This 
approach  allowed  us  to  build  a  very  open 
knowledge-sharing  environment.” 


For  Dave  Breit,  Marconi's  director  of 
technology  and  R&D  for  managed  services, 
a  successful  KM  system  is  fully  integrated 
into  daily  operations. 


To  augment  Tactics  Online,  Marconi 
chose  software  from  Service  Ware  Technol¬ 
ogies,  in  part  because  its  technology  would 
integrate  easily  with  the  company’s  Remedy 
CRM  system,  which  agents  use  to  log  in¬ 
coming  calls  from  customers  and  track  other 
customer  interactions.  In  addition,  says 
Breit,  Marconi  wanted  its  agents  to  populate 
its  existing  Oracle  database  of  product 
information. 

Breit’s  division  spent  six  months  imple¬ 
menting  the  new  system  and  training  agents. 
The  system — dubbed  KnowledgeBase — is 
linked  to  the  company’s  CRM  system  and 
is  powered  by  the  Oracle  database.  The  inte¬ 
grated  view  of  Marconi’s  customers  and 
products  provides  agents  with  a  comprehen¬ 
sive  history  of  interactions.  Technical  sup¬ 
port  agents  can,  for  example,  put  markers 
in  the  database  and  immediately  pick  up  at 
the  point  where  the  customer  last  spoke  with 
another  agent. 

On  the  Front  Line 

Tactics  Online  complements  the  new  system. 
“The  data  stored  in  KnowledgeBase  are  spe¬ 
cific  troubleshooting  tips  and  hints  on  our 
various  product  lines,”  says  Zehra  Demiral, 
manager  of  knowledge  management  sys¬ 
tems.  “Tactics  Online,  on  the  other  hand,  is 
more  of  a  doorway  for  customers  to  come 
into  our  customer  support  organization. 
From  there,  customers  can  access  Know¬ 
ledgeBase  or  their  service  requests  or  our 
online  training  manuals.” 

Technical  support  agents  now  rely  on 
KnowledgeBase  for  the  latest  solutions  to 
customers’  product  and  systems  problems. 
Fevel  1  agents  answer  all  incoming  calls, 
solve  customers’  problems  when  possible, 


i 
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EXPERT  ANALYSIS 

ON  THE  RIGHT  TRACK 

BY  TOM  DAVENPORT 

IF  THERE’S  A  NO-BRAINER  IDEA  within  the  realm  of 
knowledge  management,  it’s  to  focus  on  customer  service. 

You  want  business  value?  It's  available  in  spades,  with  the 
prospect  of  more  customer  inquiries  served  with  substan¬ 
tially  fewer  humans.  Seeking  engaged  users?  There’s  no 
more  knowledge-hungry  employee  than  a  service  rep  with 
a  customer  on  the  line  and  a  perplexing  problem.  The 
Marconi  situation  described  in  this  case  is  a  great  illustra¬ 
tion  of  the  logic  behind  applying  knowledge  management 
to  the  service  process. 

It's  also  a  great  picture  of  some  of  the  difficulties 
involved.  If  you’re  compiling  an  internal  repository  of  best 
practices  or  lessons  learned,  you  can  assemble  it  in  a  slap¬ 
dash  fashion,  and  few  will  be  the  wiser.  But  a  knowledge 

repository  for  customer  service  is  the  knowledge  equivalent  of  an  online-transac¬ 
tion  processing  system.  Service  representatives  have  to  find  the  right  piece  of 
knowledge  in  real-time,  while  the  customer  waits.  Asking  the  customer  to  hold 
while  you  browse  3,462  documents  in  a  typical  intranet  search  won’t  do.  The  key  to 
success  with  these  systems  is  a  good  architecture  and  strong  content-management 
discipline.  These  factors  are  even  more  critical  when  a  company  allows  customers 
direct  access  to  parts  of  the  system,  as  Marconi  does. 

Marconi  appears  to  have  the  necessary  processes  in  place.  The  company  real¬ 
izes,  for  example,  that  you  have  to  structure  the  knowledge  in  a  way  that  may  be 
harder  to  put  in  but  much  easier  to  get  out  (for  example,  in  the  form  of  a  decision 
tree,  where  answering  a  few  questions  quickly  gets  you  to  the  right  answer).  A  lot  of 
companies  blanch  at  the  effort  required  to  build  such  a  knowledge  base,  but 
Marconi  appears  to  be  biting  the  bullet.  The  company  has  also  realized  that  main¬ 
taining  the  knowledge  base  in  a  high-quality  form  requires  much  care.  It’s  not 
allowing  just  anyone  to  add  redundant  (or  even  incorrect)  knowledge  to  the  sys¬ 
tem— you’ve  got  to  be  a  Level  3  expert  to  add  a  new  solution.  Building  and  main¬ 
taining  the  customer  service  knowledge  repository  are  not  democratic  processes. 

Marconi  has  also  done  the  right  thing  in  terms  of  rewarding  its  people.  With  both 
monetary  and  symbolic  rewards,  it’s  changed  the  culture  around  knowledge  from 
hoarding  to  sharing.  Not  surprisingly,  things  are  going  well  for  both  the  individuals 
who  share  and  for  Marconi  in  general.  Virtue  isn’t  always  rewarded  to  this  degree. 


Tom  Davenport  is 
director  of  the  Accenture 
Institute  for  Strategic 
Change  and  professor 
of  information  manage¬ 
ment  at  Boston  Univ¬ 
ersity.  He  can  be  reached 
at  davenport@cio.com. 
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record  the  calls  in  the  company’s  CRM 
system  and  transfer  the  more  difficult  calls 
up  the  line  to  Level  2  agents.  Level  2  agents, 
meanwhile,  are  the  heart  of  the  organiza¬ 
tion,  composing  about  70  percent  of  the 
technical  support  organization.  They  han¬ 
dle  the  more  difficult  calls  and  troubleshoot 
and  diagnose  equipment  and  network  prob¬ 
lems.  “They’re  the  majority  of  our  knowl¬ 
edge  users  and  contributors,”  says  Breit. 
“They  write  up  a  synopsis  of  the  call  and 
feed  it  into  KnowledgeBase  [on  an  ongoing 
basis]  so  that  other  agents  can  refer  to  the 
solution  later.” 

After  Level  2  agents  submit  their  knowl¬ 
edge  “raw”  to  a  holding  queue.  Level  3 
agents  confirm  the  accuracy  of  the  informa¬ 
tion,  make  any  necessary  changes  and  then 
submit  the  document  to  Demiral.  (Level  3 
agents  also  act  as  consultants,  helping  Level 
2  agents  solve  problems  and  serving  as  inter¬ 
mediaries  between  the  agents  and  the  com¬ 
pany’s  engineering  departments.)  The  entire 
process  of  updating  the  KnowledgeBase 
system  with  a  new  solution  typically  takes 
between  three  days  and  two  weeks. 

Changing  Roles 

As  Breit  anticipated,  implementing  Know¬ 
ledgeBase  has  changed  the  agents’  roles. 
Level  1  agents,  for  example,  now  do  more 
in-depth  troubleshooting  because  they  have 
more  information  available  at  their  finger¬ 
tips.  In  fact,  they  solve  twice  as  many  calls 
themselves  (50  percent  instead  of  25  per¬ 
cent)  in  a  shorter  time  (10  minutes  versus 
30  minutes).  Since  Level  1  agents  can  han¬ 
dle  more  calls,  this  group  has  doubled  in  size 
during  the  past  two  years. 

The  transition  wasn’t  quite  as  painless, 
however,  for  the  Level  2  and  Level  3  agents. 
Indeed,  their  roles  changed  significantly. 
“Rather  than  simply  submitting  HTML 
pages  to  Tactics  Online,  they  were  now 
asked  to  analyze  the  problems  in  a  very  pro¬ 
cedural  way  and  create  diagnostic  ‘trees,’” 
says  Breit.  “That’s  a  more  analytical  way  to 
think  through  a  problem.  Most  of  these  guys 
had  thought  in  terms  of  ‘what  is  the  fastest 
way  to  solve  a  problem’  rather  than  ‘what 


is  the  most  efficient  way  to  solve  a  problem.’” 

With  hundreds  of  people  submitting  solu¬ 
tions,  Marconi  tended  to  get  a  lot  of  wheel 
reinvention.  “There  can  be  five  or  six  ways 
to  solve  the  [same]  problem,  but  there’s  one 
way  that’s  most  efficient,”  Breit  says.  To 
unearth  and  disseminate  the  most  efficient 


solutions,  agents  were  required  to  flowchart 
each  of  their  solutions  for  the  first  three 
months  following  KnowledgeBase’s  launch. 
“It’s  amazing  how  many  [agents]  were 
unconscious  of  their  own  methodologies,” 
says  Breit.  “It  was  somewhat  painful,  but 
they  eventually  felt  they  benefited  because 
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CHAIN  YOURSELF  TO  THE  NETWORK.  NOT  YOUR  DESK. 

PRESENTING  WIRELESS  MOBILITY  FROM  COMPAQ. 

Compaq  complete  mobility  solutions  allow  your  employees  to  do  their  work.  Even  when  they’re  not  at 
their  desk. The  new  Compaq  Evo ™  Notebook  N600c  comes  with  a  Mobile  Intel®  Pentium®  III  processor 
and  an  innovative  MultiPort  for  wireless  networking  capability!  This  means  your  team  can  access  real 
information  in  real  time.  So  now  they  can  check  current  inventory,  track  sales  or  send  e-mail  from  the 
conference  room  or  the  cafeteria.  And  if  they  want  something  even  smaller,  give  them  the  iPAQ 
Pocket  PC  for  big  access  that  fits  in  the  palm  of  their  hands. 

Compaq  Evo™  notebooks  start  at  $999** 


INNOVATIVE  PRODUCTS, 
INTEGRATED  INTO  SOLUTIONS  & 
DELIVERED  GLOBALLY 


Ifind  the  wireless  solution 

you  need  at  compaq.com/mobile 
or  call  1-800-888-6046 


Compaq  PCs  use  genuine  Microsoft®  Windows® 
www.microsoft.com/piracy/howtotell 

“Wireless  LAN  provided  either  through  MultiPort  or  PC  card.  Wireless  WAN  provided  through  PC  WAN  card;  wireless  air  time  contract  required.  802.11  functionality  (in  a  MultiPort  module)  is  sold  separately.  PC  cards  sold 
separately.  Subject  to  wireless  network  coverage.  ’“Suggested  retail  price.  Compaq,  the  Compaq  logo,  Evo,  iPAQ  and  Inspiration  Technology  are  trademarks  of  Compaq  Information  Technologies,  L.P.  in  the  U.S.  and  other 
countries.  Intel,  the  Intel  Inside  logo  and  Pentium  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  Products  and  company  names  mentioned  herein 
may  be  trademarks  or  registered  trademarks  of  other  companies.  ©2001  Compaq  Computer  Corporation. 


COMPAQ. 

Inspiration  Technology 


Do  you  really  know  what  goes  on  in  the  minds  of 

( iff 

your  e-customers?  What  they  might  be  thinking 
about  buying?  Or  not  buying?  And  why?  That’s 
where  you  need  e-Intelligence  from  SAS.  With 
e-Intelligence,  you  can  quickly  integrate  bricks 
and-mortar  data  with  clicks-and-mortar  data.  To 
reveal  insights  that  can  help  you  optimize  online 
merchandising,  recognize  cross-selling  opportuni¬ 
ties,  build  greater  customer  loyalty,  and  establish 
more  profitable  relationships  with  your  very  best 
e-customers.  To  learn  more  about  e-Intelligence 
from  SAS,  and  what  it  can  do  for  your  business, 
phone  1-800-727-0025  or  stop  by  www.sas.com. 

The  Power  to  Know,,  r  sas 


they  understood  how  they  solve  problems.” 

As  a  result,  agents  now  create  technical 
solutions  for  customers  in  the  most  effi¬ 
cient — and  logical — way  possible  instead  of 
simply  offering  a  “quick  and  dirty”  solution. 
Think  of  the  difference  between  simply  being 
told  what  keys  to  strike  on  your  PC  and 
being  taught  how  your  software  works  and 
the  logic  behind  executing  a  certain  sequence 
of  keystrokes.  Once  you  actually  understand 
how  the  product  works,  you  can  use  the  soft¬ 
ware  more  effectively  and  resolve  more 
problems  yourself. 


Case  Files  |  Knowledge  Management 

terms  of  the  product  and  then  the  problem. 
But  engineers  often  think  about  the  problem 
first  and  then  the  product.” 

The  result:  Customers  often  wouldn’t 
fully  understand  the  solution.  At  the  same 
time,  Marconi  had  to  work  at  easing  Level 
3  agents’  concerns  that  making  them  respon¬ 
sible  for  reviewing  solution  content  would 
suddenly  turn  them  into  technical  writers. 

Marconi  confronted  cultural  issues  as 
well.  “Business  needs  are  different  in  differ¬ 
ent  parts  of  the  world,”  says  Demiral.  “What 
may  be  normal  business  practice  for 


Sprint®  chose 
SAS  to  anticipate 
customer  needs. 

They  made 
the  right  call. 


“We  wanted  to  provide  a  collaboration  tool  for 
employees  and  a  library  source  for  our  customers.” 

-ZEHRA  DEMIRAL,  MANAGER  OF  KNOWLEDGE  MANAGEMENT  SYSTEMS 


Agents  also  had  to  change  the  way  they 
present  the  solutions  to  customers.  “We 
wanted  to  provide  a  collaboration  tool  for 
employees  and  a  library  source  for  our  cus¬ 
tomers,”  says  Demiral.  “Engineers  wanted 
to  provide  a  lot  of  detailed  information  yet 
we  needed  a  degree  of  simplicity  for  cus¬ 
tomers.  Most  of  the  time,  the  immediate 
focus  is  on  what  a  great  collaboration  tool 
this  is  and  how  it  overcomes  geographical 
distance  among  agents.  Then  I  have  to 
remind  [agents]  that  this  is  a  tool  that  we 
want  customers  to  use  and  that  they’ll  have 
to  organize,  write  and  present  the  content 
with  customers  in  mind.” 

Making  It  Work 

Demiral  spent  a  lot  of  time  working  with  the 
Level  3  agents  to  make  their  solutions  less 
complex  and  streamline  the  review  process. 
“We  had  to  go  through  two  iterations  of 
how  to  organize  and  present  the  content,” 
Demiral  says.  “Customers  tend  to  think  in 

cio.com _ 

Read  more  on  our  KNOWLEDGE 

MANAGEMENT  RESEARCH  CENTER 

at  www.cio.com/knowledge. 


Americans  may  not  be  common  elsewhere.” 
In  Europe,  for  example,  the  value  of  the 
KnowledgeBase  system  was  not  readily 
accepted.  But  once  employees  there  saw  that 
customers  could  use  the  system  to  solve  some 
of  their  own  problems,  they  got  on  board. 
Such  an  experience  has  been  incorporated 
into  how  Marconi  approaches  KM.  “We 
sometimes  have  to  introduce  the  idea  of 
knowledge  management  over  time,  validate 
it,  and  then  move  forward,”  Demiral  says. 

To  ensure  that  agents  continue  contribut¬ 
ing  new  knowledge  to  KnowledgeBase, 
Marconi  uses  rewards.  Besides  bonuses, 
knowledge  contributors  receive  recognition 
during  meetings  and  in  a  newsletter.  “Re¬ 
wards  help  feed  this  culture,”  Breit  says. 
“Peer  pressure  also  plays  a  role.  Everyone 
wants  to  contribute  because  it’s  the  right 
thing  to  do.  You  also  have  to  make  sure  that 
the  system  works  well  and  that  employees 
use  it  long  enough  to  see  it  work.  It  has  to 
be  embedded  in  training  and  fully  integrated 
into  daily  operations  so  that  it  just  becomes 
part  of  how  you  do  business.”  HE] 


Send  any  KM  case  studies  to  Senior  Editor  Megan 
Santosus  at  santosus@cio.com.  Louise  Fickel  is  a 
freelance  writer  based  in  Frederick,  Md. 


Get  the  whole  story  and 
others  at  www.sas.com/2b 
or  call  us  at  1-800-727-0025. 
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Supply  Chain  Management 


EASTER  IN 
NOVEMBER 

CHRISTMAS 

IN  JULY 

EVERY  YEAR  AROUND  LABOR  DAY,  JUST  BORN, 

maker  of  those  gooey  pink  and  yellow  marshmallow  chicks  called  Peeps, 
begins  to  get  ready  for  its  big  Easter  season.  It  turns  to  its  sales  forecasts, 
and  it  purchases  mass  quantities  of  sugar,  food  coloring  and  packaging  to 
meet  the  anticipated  demand.  And  every  year  it  gets  stuck  with  leftover 
Peeps  and  unused  materials  that  cost  it  sacks  of  money. 

Just  Born  manufactures  600  million  Peeps  a  year,  80  percent  of  which 
are  sold  during  the  Easter  season.  The  78-year-old,  almost  $100  million 
Bethlehem,  Pa. -based  company  also  makes  Peeps  for  Valentine’s  Day, 
Christmas  and  Halloween,  but  Easter  is  make-or-break  time. 

Just  Born  depends  heavily  on  monthly  sales  forecasts  based  on  histori¬ 
cal  data,  much  of  which  is  gathered  from 
sales  representatives  who  have  to  wran¬ 
gle  that  information  from  independent  Reader  ROI 

candy  brokers,  whose  interests  do  not  *  Strategies  for  predict- 
always  parallel  Just  Born’s.  The  data  Just  'n§  sur§es  'n  demand 

Born  does  manage  to  retrieve  is  therefore,  *  Techniques  for  manag- 

to  use  Just  Born  Supply  Chain  Director  'n§  temporary  staff 

Don  Petraitis’s  word,  “problematic.”  ►  Outsourcing  guides 


If  your  company  has 
seasonal  sales  spikes  and 
dips  (and  what  company 
doesn’t?),  your  supply  chain 
needs  to  be  supple  enough 
to  accommodate  them. 
Here’s  how  it’s  done. 

BY  SIMONE  KAPLAN 


96  CIO  NOVEMBER  1,  2001  •  www.cio.com 


PHOTO  BY  ROBERT  BURROUGHS 


“[Our  forecasts]  always  change  as  it  gets 
closer  to  the  season,”  Petraitis  says.  “Either 
we’re  caught  short  and  can’t  respond  to 
demand  in  time,  or  we  don’t  sell  enough  and 
are  left  with  overstock.” 

Petraitis,  a  10-year  operations  veteran 
with  just  Born  who  admits  he  had  “no  for¬ 
mal  training  or  experience”  in  dealing  with 
the  supply  chain  operations  before  he  was 


put  in  charge  last  June,  has  already  figured 
out  that  forecasting  software  isn’t  the 
answer  to  the  company’s  problems.  The  IT 
department  had  tried  using  Excel  spread¬ 
sheets,  then  a  forecasting  software  package 
from  Demand  Solutions,  but  the  more 
sophisticated  application  did  not  lead  to 
just-in-time  Peeps.  It  was  the  quality  of  the 
information  that  mattered,  not  the  software. 


Now  Just  Born  hopes  to  link  with  its  sup¬ 
pliers  through  the  Web  in  a  fully  automated 
supply  chain,  although  Petraitis  says  that’s 
down  the  road  a  ways. 

The  good  news  for  Just  Born  is  that  at 
least  it’s  thinking  about  supply  chain  man¬ 
agement. 

The  bad  news  is  that  it  took  them  so  long 
to  do  it. 
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Supply  Chain  Management 


Ramping  Up 

and  Winding  Down 


LOTS  OF  BUSINESSES,  FROM  Ful¬ 
fillment  and  delivery  to  clothing  man¬ 
ufacturers,  lawn  and  gardening  sup¬ 
pliers,  and  oil  companies  have  to  deal  with 
surges  in  demand  that  occur  predictably 
around  the  winter  holidays  or 
the  onset  of  hot  weather. 

Supply  chain  management  is 
relatively  easy  when  it’s  han¬ 
dling  steady  state  demands;  the 
real  test  comes  with  handling 
huge  seasonal  fluctuations. 

“If  a  big  part  of  your  rev¬ 
enue  comes  from  activity  that 
goes  on  in  a  seasonal  period 
and  you  don’t  build  to  support 
it,  you  are  out  of  business,”  says  Herb  Klein- 
berger,  leader  of  the  global  retail  practice  at 
New  York  City-based  Pricewaterhouse- 
Coopers.  “You’re  toast.” 

Case  in  point:  Computer  City,  the  chain 


JUST  BORN 


Peeps  sold  during 
the  Easter  season: 

480  million 

Peeps  sold  during 
the  rest  of  the  year: 

120  million 


launched  by  RadioShack  in  the  mid-1990s. 
Designed  to  compete  with  stores  like  Comp¬ 
USA  and  Circuit  City,  it  failed  after  four  years 
because  it  didn’t  know  how  to  manage  its 
inventory,  says  Chapman  Kistler,  vice  presi¬ 
dent  of  the  supply  chain  service  line  at  Cap 
Gemini  Ernst  &  Young,  a  global  manage¬ 
ment  consultancy  based  in  New  York  City. 

“RadioShack’s  core  compe¬ 
tency  was  in  stocking  one  of 
everything,”  Kistler  says.  But 
when  Christmas  came,  having 
one  of  everything  didn’t  help 
Computer  City  cope  with  a 
run  on  new  ink-jet  printers. 

Just  Born’s  Peeps  problem 
is  a  classic  example  of  poor 
supply  chain  management. 
“Everyone  is  guessing  along 
the  supply  chain  as  to  how  much  to  make 
and  ship,”  says  Kleinberger.  “And  they’re 
all  guessing  in  separate  ways  from  each 
other,  so  everyone  builds  in  extra  safety 
stock  to  buffer  forecasting  errors.  You  add 
it  up  along  the  chain,  and  you  end  up  with 
a  huge  cork  that’s  clogged  with  excess 
capacity.” 

Op  in  this  case,  pink  and  yellow  Peeps. 

The  cost  of  sitting  on  excess  product 
varies  by  category  and  industry,  but  it 
can  be  as  much  as  10  percent  to  25  percent 
of  distribution  costs,  according  to  Kevin 
O’Marah,  the  service  director  of  supply 
chain  strategies  at  Boston-based  AMR 
Research.  Transporting,  insur¬ 
ing  and  storing  extra  capacity 
can  increase  overall  costs  by 
10  percent  or  11  percent,  par¬ 
ticularly  during  peak  times, 

O’Marah  says. 

Planning  ahead  to  predict 
demand,  staffing  appropriately 
to  handle  spikes,  knowing 
how  to  make  the  tough  pur¬ 
chasing  and  warehousing  deci- 


various  holidays,  chances  are  you  have  to 
deal  with  seasonal  fluctuations  of  one  kind 
or  another.  “Very  few  companies  have  no 
seasonal  peaks,”  Kistler  says.  Or,  for  that 
matter,  dips. 

(Industries  that  typically  don’t  experience 
seasonal  surges  include  pharmaceuticals, 
fast-food  restaurants  and  B2B  distributors  in 
the  aerospace  sector.) 

If  you  haven’t  already  started  thinking 
about  managing  your  supply  chain  opera¬ 
tions  to  deal  with  spikes,  you’re  late,  but 
maybe  you’re  not  yet  toast.  Here  are  three 
steps  to  help  you  build  a  flexible  supply 
chain  that  can  handle  those  scary  seasonal 
ups  and  downs. 

Dynamic  Databases 

or  How  to  Store 
36 o  Million  Pizzas 


O 


DOMINO’S  PIZZA 


Pizzas  sold  on 
Super  Bowl  Sunday: 

1.1  million 

On  an 

average  Sunday: 

750,000 


Domino’s  Pizza  CIO  Tim  Monteith: 

“Data  aggregation  and  analysis  are  where 
the  CIO  can  provide  the  most  value.” 


sions,  and  ensuring  the  proper  collection  of 
data  for  forecasting  are  all  components  of 
supply  chain  excellence  vital  for  companies 
that  experience  seasonal  fluctuations.  Even  if 
you  don’t  do  most  of  your  business  around 


N  A  NORMAL  SUNDAY,  DOMINO’S 
Pizza  sells  about  750,000  pies.  But 
on  Super  Bowl  Sunday,  it  sells 
1.1  million,  a  46  percent  spike,  says  CIO 
Tim  Monteith. 

Domino’s  business  also  spikes  on  week¬ 
ends  and  whenever  the  weather  gets  nasty. 
There  seems  to  be  something  about  rain, 
sleet  and  snow  that  makes  Americans  simul¬ 
taneously  hungry  and  too  lazy  to  do  any¬ 
thing  about  it  other  than  picking  up  the 
phone.  To  stay  on  top  of  demand,  Monteith 
relies  on  his  data  warehouse  to 
keep  his  business  running. 

Ann  Arbor,  Mich. -based 
Domino’s  has  4,850  stores 
nationwide,  and  each  store 
sells  about  1,000  pizzas  per 
week.  In  2000,  Domino’s 
made  270  million  pounds  of 
dough  and  used  146  million 
pounds  of  cheese,  13  million 
pounds  of  Italian  sausage  and 
9.9  million  pounds  of  mushrooms  to  make 
more  than  360  million  pizzas.  The  demand 
for  materials  goes  through  the  roof  in  the 
days  prior  to  major  spikes,  Monteith  says. 

“To  handle  peaks,  you  must  have  the 
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structure  expertise,  we  can  help  improve  the  way  you  deploy,  manage  and  optimize  your  customer  management  systems  so  your  company  can  focus  on 
driving  additional  revenue  opportunities.  Our  customers  are  some  of  the  largest  financial  services,  media,  telecommunications,  retail  and  high 


technology  companies  in  the  Fortune  500.  And  our  partnerships  with  leading  application  providers  ensure  you  get  the  best  in  CRM  technology. 


To  learn  more  about  how  we  can  help  your  business  with  CRM  infrastructure  innovation,  call  78  1-505-3255  or  email  us  at  info@wheelhouse.com 
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Supply  Chain  Management 


right  tools,”  he  says.  “You  must  have  a  good 
database  to  learn  what  causes  spikes  and 
how  to  predict  them.” 

Because  each  store  can  experience  wild 
fluctuations  depending  on  local  conditions, 
Domino’s  database  keeps  historical  data  on 
sales  at  all  4,850  stores.  Computers  at  each 
store  automatically  tabulate  the  amount  and 
nature  of  supplies  used  each  day,  which 
allows  the  store  managers  to  know  exactly 
how  much  needs  to  be  ordered  and  what  is 
in  danger  of  going  bad. 

“The  inventory  is  dynamically  adjusted,” 
Monteith  says  “If  [a  customer  orders]  a  pep- 
peroni  pizza,  the  computer  will  deduct  one 
roll  of  dough,  5  ounces  of  cheese,  and  a  unit 
of  sauce  and  pepperoni  from  the  system.” 

Monteith  ties  the  data  gathered  from  the 
automated  ordering  system  tightly  to  sales 
forecasts,  and  that  provides  him  with  a  daily 
history  that  is  useful  when  planning  for  the 
next  Super  Bowl  Sunday  or  even  just  the 
next  rainy  Sunday.  He  uses  Manugistics 
Group  software  (see  “Crystal  Ball  Tech¬ 
nology,”  Page  104)  to  manage  Domino’s 
warehouse  and  distribution  system.  To  fur¬ 
ther  organize  the  data  from  each  store, 
Domino’s  is  rolling  out  an  ordering  and  fore¬ 
casting  system  by  Breakaway  International 
Systems  that  will  be  up  and  running  in  U.S. 


stores  by  2003.  The  new  system  includes 
software  by  Intellisol  International  that  will 
help  the  stores  forecast  their  staffing  needs 
depending  on  sales  levels. 

“Data  aggregation  and 
trend  analysis  are  where  the 
CIO  and  IT  organization  can 
provide  the  most  value,”  says 
Bob  Moncrieff,  a  director  at 
PRTM,  a  global  manage¬ 
ment  consultancy  based  in 
Waltham,  Mass.  In  creating  a 
supple  supply  chain,  “the 
most  important  step  to  take 
is  creating  a  well-structured  data  warehouse 
in  which  you  can  store,  format,  and  manip¬ 
ulate  supply  and  demand  data,”  says  Mon¬ 
crieff.  “This  will  help  you  see  seasonal  issues 
very  quickly.” 

Integrated  Channels 

or  You  Cant  Wait  Until  the 
Bloom  Is  Off  the  Rose 

PROFLOWERS.COM,  AN  ONLINE 
flower  dealer,  does  40  percent  of  its 
annual  business  on  just  two  dates: 
Valentine’s  Day  and  Mother’s  Day.  It  also 
sees  a  surge,  though  less  dramatic,  in 


demand  around  Christmas,  Thanksgiving 
and  Easter. 

During  Mother’s  Day  week,  the  San 
Diego-based  company  ships 
about  250,000  flowers  and 
plants,  as  opposed  to  12,000 
in  a  nonpeak  week,  says 
Mark  Sottosanti,  vice  presi¬ 
dent  of  planning  and  logistics. 

Unlike  clothes  and  com¬ 
puters,  or  (to  a  certain  extent) 
pepperoni  and  Peeps,  flowers 
are  very  perishable.  They 
must  be  grown  months  in 
advance  of  when  they  will  be  needed,  and 
they  begin  dying  the  moment  they’re  cut. 
Most  flowers  can  live  a  maximum  of  10  days 
once  cut,  Sottosanti  says. 

“It’s  crucial  from  a  product  and  a  busi¬ 
ness  standpoint  that  we  know  what  our 
growers  have  and  what  sales  for  our  spikes 
will  be,”  he  says. 

In  order  to  work  within  those  10  days, 
the  company  uses  a  proprietary  Web-based 
system  to  link  its  independent  growers  to  its 
network.  Unlike  online  flower  sellers  FTD  or 
1 -800-Flowers,  which  route  orders  through 
a  network  of  growers,  wholesalers  and 
florists,  Proflowers.com  ships  its  flowers 
directly  from  the  growers.  When  a  customer 


PROFLOWERS.COM 


Plants  and  flowers  sold 
Mother's  Day  week: 

250,000 

In  an 

average  week: 

12,000 


Getting  There  Is  All  the  Fun 

How  UPS  ramps  up  to  take  care  of  everyone 

FOR  MOST  COMPANIES,  getting  packages  to  customers  is  vital 
to  the  business.  When  you’re  United  Parcel  Service,  getting  the 
package  to  the  customer  is  your  business. 

Between  Thanksgiving  and  Christmas  2000,  UPS  delivered  more 
than  325  million  packages,  19  million  of  which  were  delivered  on 
Dec.  19.  That's  compared  with  the  average  nonholiday  season  daily 
package  volume  of  13.6  million.  To  handle  the  Christmas  spike,  UPS 
starts  planning  immediately  after  the  previous  holiday  season  ends. 
Around  Thanksgiving,  the  Atlanta-based  company  hires  90,000 
temporary  workers  and  adds  more  than  20  jets  to  its  fleet  of  600 
planes.  It  relies  on  historical  data,  and  it  works  closely  with  “high- 
impact  shippers”  like  specialty  fruit  purveyor  Harry  &  David. 

“We  don’t  like  to  plan  on  the  fly,”  says  Randy  Blaisdell,  air  group 
peak  planning  manager  for  UPS.  “We  really  work  on  communica¬ 


tion  with  the  high-impact  shippers.  We 
like  to  have  it  all  planned  out  in 
advance,  preferably  as  soon  as  they 
have  their  forecasts  together.” 

Blaisdell  oversees  a  group  of  18  peo¬ 
ple  who  plan  for  the  holiday  season 
year-round.  His  team  works  to  integrate 
UPS’s  air  hubs  and  ground  hubs  so  that 
no  one  sorting  center  gets  overloaded. 

For  example,  if  there’s  a  high-impact 
shipper  in  Memphis,  Tenn.,  generating  four  or  five  truckloads  of 
packages  a  day,  the  peak  planning  team  will  make  sure  the  pack¬ 
age  volume  is  distributed  between  centers  in  and  around  the  city. 

So  if  you're  planning  on  shipping  an  extra  20,000  packages 
during  a  seasonal  peak,  it’s  a  good  idea  to  talk  with  your  carrier. 
Then,  both  they  and  you  can  get  shipments  to  your  customers 
on  time.  -S.K. 


Packages  delivered 
on  Dec.  19: 

19  million 

On  an  average  day: 

13.6  million 
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THEY  CAME  HERE  FROM  A  PARALLEL  UNIVERSE.  THEY  NEEDED  SOFTWARE  ...TO  GO! 

LOTUS  for  WIRELESS 

Log  Entry,  Day  25:  Eureka!  We  have  found  Lotus  wireless  software.  With  it,  mobile  knowledge  workers 
can  access  corporate  applications  via  PDA,  cell  phone  or  other  wireless  devices.  This  lets  them  update  critical 
work  in  real  time  -  quite  advanced.  A  most  informative  whitepaper  can  be  found  at  lotus.com/visitwireless 


business  software 


IT’S  A  DIFFERENT  KIND  OF  WORLD. 

YOU  NEED  A  DIFFERENT  KIND  of  SOFTWARE. 


Supply  Chain  Management 

places  an  order  on  the  website,  it  is  stored 
in  the  system  and  automatically  routed  to  a 
grower  a  day  or  two  before  it  is  scheduled 
to  be  filled.  So  if  a  customer  orders  a  dozen 
roses  on  Jan.  15  to  be  delivered  on  Feb.  14, 
Valentine’s  Day,  the  grower  will  not  see  the 
order  until  Feb.  12  or  13.  The  order  will  be 
shipped  the  next  day  via  refrigerated  truck 
to  a  FedEx  ramp  and  then  flown  to  its  des¬ 
tination.  Because  the  growers  give  daily 
inventory  updates,  the  company  always 
knows  how  many  of  each  type  of  flower  it 
has  to  work  with. 

If  the  worst  happens  and  the  growers  run 
out  of  roses  on  Valentine’s  Day,  the  website 
will  stop  taking  orders  for  roses. 

Proflowers.com  monitors  the  inventory 
data  and  orders  so  that  “if  we  see  that  a 
flower  is  on  track  to  be  sold  out,  we’ll  bump 
up  the  price  to  suppress  demand,”  Sottosanti 
says.  And  the  system  will  not  take  orders 
for  products  that  are  not  in  stock. 

If  there’s  excess  inventory  sitting  around 
after  a  spike,  the  company  will  offer  a  free 
vase  or  a  discounted  price  to  try  to  move  it. 
One  time,  Sottosanti  says,  a  misjudgment  in 
forecasting  led  to  a  surplus  of  20,000  tulips 
after  Easter.  The  company  donated  them  to 
a  local  festival.  Only  about  1  percent  of  the 
flowers  ordered  annually  have  to  be  thrown 
away,  he  says. 

When  Proflowers.com  needs  to  ramp  up 
for  seasonal  peaks,  Sottosanti  outsources  his 
extra  call  center  and  e-mail  needs  to  third- 
party  contractors  for  two-  to  three-week 
periods.  When  the  peak  ends,  so  does  the 
contract. 

Creative  Staffing 

or  It  Takes  a  Village  to  Sell 
That  Much  Fruitcake 

Harry  &  david,  the  catalog 

giant  that  sells  fancy  fruits,  candy, 
preserves  and  fruitcake,  normally 
gets  by  with  300  employees  in  its  two  call 
centers.  But  every  year  beginning  in 
September,  the  company  begins  to  ramp  up 
for  Christmas  by  hiring  3,000  seasonal 


Yamanouchi  Consumer  (Harry  &  David)  CIO  Rod  McLeod:  “To  handle  a  peak, 
you  must  pay  attention  to  the  way  you  staff  up.” 


employees  and  opening  a  third  call  center. 

Talk  about  being  prepared;  Harry  & 
David  puts  the  Boy  Scouts  to  shame. 

During  the  Christmas  season,  Harry  & 
David,  which  is  owned  by  Medford,  Ore.- 
based  Bear  Creek  Corp.,  processes  about 
75,000  orders  and  ships  more  than  250,000 
packages  a  day,  as  opposed  to  500  orders  and 
18,000  packages  a  day  in  the 
off-season.  So  the  temporary 
staff  has  to  be  comfortable 
with  the  job  at  hand,  says  Rod 
McLeod,  CIO  of  Yamanouchi 
Consumer,  the  parent  com¬ 
pany  of  Bear  Creek. 

The  company  has  two  per¬ 
manent  distribution  and  call 
centers — in  Medford,  Ore., 
and  Hopewell,  Ohio.  To  han¬ 
dle  the  seasonal  surge,  it 
leases  space  and  equipment  for  a  third,  tem¬ 
porary  center  in  Eugene,  Ore.,  which  typi¬ 
cally  holds  500  workstations  that  are  staffed 
during  peak  hours  from  the  day  after 
Thanksgiving  to  Jan.  15.  The  lease  is  multi¬ 
year,  though  the  space  goes  unused  the  rest  of 
the  year.  Temporary  staff  starts  a  rigid  train¬ 
ing  program  in  October,  months  before  the 
peak  season  kicks  into  gear.  The  program 
costs  a  lot,  McLeod  says,  but  he  believes 
it’s  a  necessary  expense,  and  it’s  built  annu¬ 


ally  into  Harry  &  David’s  budget. 

“To  handle  a  peak,  you  must  pay  atten¬ 
tion  to  the  way  you  staff  up,”  McLeod  says. 
Once  the  peak  has  passed,  you  have  to  staff 
down.  “It’s  difficult  to  hire  someone,  train 
them  for  a  few  days,  have  them  work  for 
you  for  six  weeks  and  then  say  good-bye.” 

In  order  to  make  sure  it  gets  good  people 
for  the  temporary  work, 
Harry  &  David  offers  a 
highly  competitive  paycheck 
and  employee  discounts  that 
the  temps  can  use  for  their 
own  Christmas  presents. 
McLeod  says  that  the  temps 
come  back  year  after  year.  As 
a  result,  customers  always 
get  a  trained  voice  on  the 
other  end  of  the  line. 

Bear  Creek  has  a  depart¬ 
ment  dedicated  to  training  seasonal  employ¬ 
ees.  Last  year,  that  practice  bore  fruit  when 
heavy  snow  and  ice  closed  the  Ohio  call  cen¬ 
ter  for  a  time  between  Thanksgiving  and 
Christmas.  Within  48  hours,  McLeod  had 
a  temporary  office  in  a  conference  center  in 
Medford  set  up  for  a  SWAT  team  of  50  sea¬ 
sonal  and  permanent  employees  ready,  will¬ 
ing  and  trained  to  man  the  phones.  Disaster 
averted.  If  the  shadow  staff  hadn’t  already 
been  trained,  McLeod  believes  the  triage 


HARRY  &  DAVID 


Packages  shipped 
between  Nov.  23  and 
Dec.  23: 


million 


5.2 

In  an  average  month: 

235,000 
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PHOTO  BY  BRIAN  PRECHTEL 
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THE  CODERNAUTS  WERE  ON  A  SEARCH  FOR  A  DATABASE  THAT  RUNS  ON  LINUX;  UNIX  AND  WINDOWS  2000.  THEY  DISCOVERED: 

DB2  outperforms  ORACLE 

I  CUSTOMERS  KNOW  IT,  PARTNERS  KNOW  IT,  BENCHMARKS  PROVE  IT  | 


business  software  ibm.com/db2/outperform 


IT’S  A  DIFFERENT  KIND  of  WORLD. 

YOU  NEED  A  DIFFERENT  KIND  of  SOFTWARE 


Supply  Chain  Management 


Crystal  Ball  Technology 

Five  of  the  top  demand-forecasting  software  products 


would  not  have  been  successful.  It’s  com¬ 
mon  practice  for  companies  to  contract  with 
third  parties  if  they  need  extra  warehouse 
space  or  a  temporary  building  to  handle 
increased  seasonal  demand,  but  when  it 
comes  to  staffing,  the  question  of  whether 
to  outsource  becomes  more  complicated.  “If 
the  positions  you  want  to  outsource  are 

customer-facing,  be 
very  careful,”  Cap 
Gemini  Ernst  & 
Young’s  Kistler 
says.  “You  need  a 
flexible  workforce, 
but  it’s  terrible  for  a 
customer  if  they 
call  during  a  holi¬ 
day  and  they  get  a 
first-day  trainee  on 
the  phone.” 

The  HoneyBaked  Ham  Co.  of  Georgia 
learned  how  not  to  outsource  its  catalog 
call  centers  the  hard  way.  The  42-year-old, 
$130  million  company  does  almost  60  per¬ 
cent  of  its  business  during  the  Thanksgiving, 
Christmas  and  Easter  holiday  seasons,  and 
customer  orders  for  those  holidays  begin 
three  to  four  weeks  out.  To  handle  the  rush, 
the  Atlanta-based  company  contracts  from 
October  to  January  with  a  third-party  call 
center.  Several  years  ago,  it  experimented 
with  outsourcing  the  entire  customer  fulfill¬ 
ment  process  and  got  the  door  slammed  on 
its  fingers. 

“We  outsourced  everything — from  the 
order  call  to  inventory  management  and 
shipping,”  says  Chuck  Bengochea,  COO  of 
the  Georgia  HoneyBaked.  “It  didn’t  work 
out.  We  ended  up  disappointing  far  too 
many  customers,  and  we  took  it  back 
in-house.” 

The  company  eventually  took  the  service 
provider  to  court  over  the  problems  it  suf- 

cio.com _ 

Read  more  about  this  topic  in  our 

SUPPLY  CHAIN  MANAGEMENT 

RESEARCH  CENTER  at 

www.cio.com/scm. 


i2  TECHNOLOGIES 

www.i2.com 

Product:  i2  Demand  Planner 

Differentiator:  Demand  planning 
integrated  with  channel  collaboration 
and  promotional  planning 

Industry  focus:  Semiconductor, 
automotive,  consumer  goods  and  retail 

Customers:  Siemens,  Home  Depot, 
TaylorMade 

Market  share*:  24  percent 

SAP 

www.sap.com 

Product:  APO  Demand  Planning  (part  of 
mySAP  Supply  Chain  Management) 

Differentiator:  Collaborative  planning 
between  partners,  manufacturers  and 
suppliers 

Industry  focus:  Discrete  manufacturing, 
consumer  product  manufacturing  and 
retail,  process  manufacturing 

Customers :  Colgate-Palmolive,  Palm, 
Nestle 

Market  share*:  6  percent 

MANUGISTICS  GROUP 

www.manugistics.com 

Product:  Manugistics  Networks 
Demand 

Differentiator:  Demand  planning  closely 
intertwined  with  a  larger  supply  chain 
management  application 

Industry  focus:  Retail,  automotive, 
pharmaceuticals 

fered — which,  according  to  Nancy  Gibson, 
senior  vice  president  of  marketing  at  the 
Georgia  HoneyBaked,  included  more  than 
20,000  orders  that  did  not  ship  on  time. 

“It’s  one  thing  if  a  toy  doesn’t  arrive  on 
Christmas,”  Gibson  says.  “It’s  a  whole 
different  story  if  your  Christmas  dinner 
doesn’t  show  up.” 

Designing  your  supply  chain  operations 
to  handle  seasonal  spikes  demands  taking  a 


Customers:  Unilever,  Rohm  &  Haas, 

Fuji,  Vodafone 

Market  share*:  5  percent 

J.D.  EDWARDS  &  CO. 

www.jdedwards.com 

Product:  OneWorld  Advanced  Planning 

Differentiator:  Integrates  demand 
planning  and  demand  collaboration, 
and  draws  together  historical,  regional, 
product  and  seasonal  data 

Industry  focus:  Consumer  package 
goods,  process  manufacturing,  discrete 
manufacturing,  distribution 

Customers:  BMW,  Johnson  Wax 
Professional,  Coca-Cola/Femsa 

Market  share*:  3  percent 

LOGILITY 

www.logility.com 

Product:  Voyager  Demand  Planning 

Differentiator:  Incorporates  historical  and 
point-of-sale  data;  creates  graphical  snap¬ 
shot  that  includes  item,  location,  cus¬ 
tomer  or  group 

Industry  focus:  Consumer  packaged 
goods,  retail,  food  and  beverage 

Customers:  Sax,  Heineken  USA, 

ConAgra  Foods 

Market  share*:  1  percent 

* Market  share  percentages  calculated  by 
license  revenue  for  supply  chain  manage¬ 
ment  software  for  2000  according  to  AMR 
Research. 

-Daniel  J.  Morgan 

hard  look  at  your  data  and  planning  on  a 
continuous  basis.  You  don’t  have  much 
choice  about  it.  Either  you  do  it  and  stay  in 
the  game,  or  you  don’t  and  you  end  up  eat¬ 
ing  year-old  Peeps. 

Not  a  happy  prospect.  HH 


Do  you  have  any  tips  for  managing  a  supple  sup¬ 
ply  chain?  Let  Staff  Writer  Simone  Kaplan  know  at 
s  kaplan@cio.com. 


HONEYBAKED  HAM 


Hams  shipped  from 
mid-November 
through  Christmas: 


million 


1.3 

In  an  average  month: 

20,000 
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www.bmc.com 


Step  up  to  our  DB2®  solutions  and  we’ll 
pay  FOR  YOUR  IBM®  DB2  UTILITIES. 

To  get  the  most  availability  and  performance  out  of  your  mission-critical  IBM  DB2  applications  you  need 
BMC  Software®  DB2  solutions. 

We  understand  that  you  don’t  want  to  give  up  those  base  utilities.  However,  you  need  the  advanced 
capabilities  and  top-shelf  support  only  available  from  BMC  Software.  Now  you  can  have  both.  Because 
we  will  pay  you  back  every  single  penny  you  spent  on  IBM  utilities  when  you  buy  one  of  our  solutions. 

It’s  an  upgrade  with  nothing  but  upside.  Rather  than  addressing  individual  IT  pain  points, 
you’ll  have  truly  comprehensive  business  solutions  that  deliver  consistent  performance  and  continuous 
availability  —  backed  by  unmatched  capabilities  and  superior  technical  support. 

It’s  the  best  deal  around:  IBM  DB2  complemented  by  BMC  Software.  And  we  reimburse  you  for 
their  utility  costs.  So  contact  BMC  Software  today 
at  800-811-6765  or  www.bmc.com/db2.  You’ll  get  lots 
of  performance  gain  without  any  financial  pain. 

Assuring  Business  Availability' 


BMC  Software  is  an  Equal  Opportunity  Employer.  BMC  Software,  the  BMC  Software  logos  and  all  other  BMC  Software  product  or  service  names  are  registered  trademarks  or  trademarks  of  BMC  Software,  Inc.  DB2  and  IBM  are  registered 
trademarks  of  International  Business  Machines  Corporation  in  the  United  States.  All  other  trademarks  belong  to  their  respective  companies.  ©  2001  BMC  Software,  Inc.  All  rights  reserved. 


ILLUSTRATION  BY  CURTIS  PARKER 


IT  Training 


How  to 


If  CIOs  want  better  graduates , 
they're  going  to  have  to  step  up 
to  the  chalkboard  to  get  them 
BY  JASON  COMPTON 


Reader  ROI 

►  Learn  how  one  company 
teamed  with  a  local 
university  to  get  skilled 
workers 

►  Find  out  why  CIOs  should 
consider  teaching  to  get 
workers  with  the  right  skills 

►  Get  the  scoop  on  the 
latest  in  IT  schools 


the  Classroom 


Chances  are  you  have  a  number  of  open¬ 
ings  in  your  IS  department.  You’re  not 
alone.  There  are  an  estimated  425,000 
unfilled  IT  worker  positions  nationwide.  And 
pretty  much  like  every  other  CIO,  you’ve  com¬ 
plained  that  there  just  aren’t  enough  qualified 
candidates  for  the  jobs. 

CIOs  love  to  point  the  finger  at  academics 
and  claim  they’re  not  producing  the  kind  of 
graduate  who  can  become  a  seamlessly  produc¬ 
tive  employee  from  day  one.  Educators  don’t  see 
it  that  way. 

“Corporations  have  been  wanting  universi¬ 
ties  to  solve  their  hot  problems,  with  Java  [expe¬ 
rience]  and  MCSE  [certifications],”  says  Jack 


Suess,  CIO  of  the  University  of  Maryland  in 
Baltimore  county.  “That  was  never  our  mis¬ 
sion — to  be  solving  these  kinds  of  very  specific 
problems  in  a  particular  time  frame.” 

It  seems  to  be  a  standoff.  Corporations  want 
grads  to  be  conversant  with  everything  from  the 
shiniest  new  programming  language  to  the 
creakiest  minicomputer  in  the  vault.  Schools 
continue  to  focus  on  balanced  curricula.  Yet 
schools  and  CIOs  can  get  along.  In  some  cases, 
companies  are  going  into  the  classroom  and  tak¬ 
ing  over  curricula.  In  other  cases,  teachers  are 
taking  sabbaticals  in  the  real  world  so  that  when 
they  return  to  the  classroom  they  have  more  up- 
to-date  skills.  And  there’s  a  new  educational 
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IT  Training 


The  Bigger  Problem 

Graduates  without  java  skills?  That’s  only  the  tip  of  the  iceberg. 

SOME  BELIEVE  THAT  THE  UNIVERSITIES,  perhaps  lured  too  far  away  from  their 
general  educational  goals  by  the  flood  of  technology,  are  failing  at  a  more  fundamental 
level.  “I  see  a  woeful  number  of  graduates  who  come  out  who  can’t  even  write  a  coher¬ 
ent  document  of  any  kind— specifications,  cost/benefit  analysis,  even  a  white  paper. 
They  just  can’t  write,”  says  David  Johnson,  senior  vice  president  and  CIO  of  Trans- 
america  Real  Estate  Tax  Service  in  Dallas.  “They  know  a  lot  about  tool  sets,  a  lot  about 
statistical  development,  C++  and  Cobol,  and  how  compilers  are  put  together,  but  they 
have  very  little  critical  skills  thinking.  They  can’t  answer  the  question  of  why  we  would 
want  to  be  doing  this  in  a  business.” 

While  Johnson  stresses  that  his  major  complaint  is  in  the  quantity,  not  the  quality 
of  new  hires  available  to  him,  he  remains  upset  about  graduates’  lack  of  basic  abilities. 
“I  can  expect  that  I’ll  bring  somebody  on  board  and  I  might  have  to  bring  them  up  to 
speed  on  technical  skills.  I  can  give  that  to  them  and  get  there  quickly,”  he  says.  “What 
I  don't  have  the  time  or  stomach  for  is  to  train  somebody  how  to  think  through  things, 
how  to  ask  hard  questions,  communicate  and  run  a  meeting.”  -J.C. 


movement  afoot  to  marry  what  academics 
want  to  teach  with  the  skills  that  CIOs  want 
in  new  hires.  But  it  takes  work  both  inside 
and  out  of  the  ivory  tower. 

REACHING  INTO 
THE  CLASSROOM 

econciling  industry’s  need-it- 
now  goals  with  university 
ideals  isn’t  necessarily  impos¬ 
sible.  In  fact,  it  can  work 
beautifully  when  the  two 
sides  team  up.  One  case  in  point  is  UPS.  In 
the  beginning  of  2000,  UPS’s  Atlanta-area 
operations  desperately  sought  a  near-term 
infusion  of  Web  layout  and  development  tal¬ 
ent.  Fortunately,  CIO  Ken  Lacy  and  Dudley 
Land,  former  vice  president  of  customer 
automation  and  UPS  operations,  found  a 
helpful  partner  in  Georgia  State  University. 
Ephraim  McLean,  professor  of  information 
systems,  and  David  McDonald,  academic 
program  director  in  the  computer  infor¬ 
mation  systems  department,  were  eager  to 
help  UPS  close  its  skills  gap  quickly. 

The  result  of  their  efforts  was  a  21 -week, 
dual-certificate  prototype  that  ran  from  May 
through  October.  Half  of  the  students — 
those  destined  for  content  creation — had  to 
attend  only  the  first  1 1  weeks  for  an  HTML 
development  certificate.  The  second  group 
completed  the  full  course  for  a  grounding 
in  both  design  and  programming.  There  was 
no  shortage  of  student  interest:  UPS  targeted 
career-changers,  who  accounted  for  the 
1,600  applicants  for  17  open  spots. 

UPS’s  goal  was  to  create  IT  workers  who 
could  function  from  day  one,  both  techni¬ 
cally  and  professionally;  and  the  desire  was 
that  every  graduate  would  be  immediately 
transitioned  to  a  job  at  UPS.  Although 
there’s  nothing  to  stop  new  grads  from  leav¬ 
ing  after  the  first  day  to  shop  their  newfound 
skills  elsewhere,  UPS  screened  for  loyalty, 
among  other  traits,  when  narrowing  down 
the  substantial  stack  of  applicants. 

All  sorts  of  synergies  helped  make  the 
partnership  between  UPS  and  Georgia  State 
happen.  The  state  of  Georgia’s  Intellectual 
Capital  Partnership  Program  grants  meant 


students  could  receive  a  state  paycheck 
(actually  a  loan,  waived  if  the  student  stays 
in  a  Georgia  high-tech  job)  for  attending  the 
courses.  Georgia  State  provided  the  instruc¬ 
tors,  and  UPS  provided  the  facilities.  As  of 
press  time,  the  seven  who  completed  the  first 
half  of  the  program  have  been  hired  by  UPS. 

THOSE  WHO  CAN 

eorgia  State  isn’t  the  only 
school  aware  of  the  needs 
of  business.  Many  other 
schools  are  not  deaf  to  the 
input  of  industry,  although 
employers  will  likely  never  be  truly  satisfied, 
says  Kevin  LaMountain,  dean  of  career  and 
student  services  at  technical  degree  school 
DeVry  Institutes  in  Phoenix.  “A  person 
would  never,  ever  graduate  from  college  if 
we  put  in  every  skill  an  employer  wanted 
them  to  have,”  he  says.  “We  have  to  give 
[students]  broad  enough  based  knowledge 
so  they  can  ride  every  ebb  and  flow.  We’re 
not  seeing  any  demand  for  Web  developers 
at  all  coming  through  career  services  [now], 
but  a  year  ago  there  were  probably  five 
employers  on  our  advisory  board  where 
that’s  all  they  wanted.” 

Even  if  an  academic  department  head  is 


willing  to  fast-track  a  hot  skill,  finding  capa¬ 
ble  teaching  staff  is  a  problem.  People  with 
the  proven  competency  in  those  areas  are  not 
in  the  faculty  lounge.  “Are  we  going  to  find 
someone  with  15  years  experience  in  Oracle 
[to  teach  a  database  course]?”  says  La- 
Mountain.  “Someone  with  that  experience 
is  worth  $150,000  to  $200,000  to  a  com¬ 
pany,  and  there’s  no  way  any  school  or  uni¬ 
versity  can  afford  to  have  them  full  time.” 

Neal  Young  is  such  an  example.  Currently 
a  senior  research  scientist  at  Cambridge, 
Mass.-based  Akamai,  a  provider  of  content 
delivery  services,  Young  went  on  leave  from 
a  tenure-track  computer  science  professor¬ 
ship  at  Dartmouth  College  in  1997  (he  offi¬ 
cially  quit  in  April  2001),  in  part  to  cash  in 
on  the  considerable  premium  his  skills  com¬ 
manded  in  the  marketplace.  He  is  interested 
in  returning  to  the  academic  world  some  day, 
but  he’ll  go  back  with  a  greater  awareness 
of  the  strengths  of  learning  in  the  classroom 
and  learning  on  the  job.  “In  a  business  envi¬ 
ronment,  what  you  learn  is  more  chaotic,” 
he  says.  “It’s  useful  to  separate  education  and 
work,  much  the  same  way  you  separate 
being  a  child  and  an  adult — you  don’t  raise 
a  child  by  making  them  go  through  all  the 
things  an  adult  has  to  go  through.  You  give 
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them  a  protected  space  to  go  through  the  ide¬ 
alistic  things  first.” 

LaMountain  thinks  there  is  a  way  for  the 
schools  and  the  workplace  to  both  get  what 
they  want:  The  companies  that  lock  up  talent 
like  Young  need  to  share  him  as  part-time 
faculty  or  at  the  very  least  lend  him  out  for 
instructor  training.  David  Johnson,  senior 
vice  president  and  CIO  of  Transamerica  Real 
Estate  Tax  Service  in  Dallas,  agrees.  He  sug¬ 
gests  widespread  industry  exchange  pro¬ 
grams.  Professors  would  be  put  to  work  in 
industry,  many  for  the  first  time,  to  gather  the 
exposure  and  experience  they  need  to  stay 
current.  They’d  swap  their  desks  with  a  sea¬ 
soned  IT  professional  who  can  teach  highly 
valuable  skills.  Johnson  knows  firsthand  the 
value  of  straddling  both  worlds;  he  taught 
undergraduate  and  graduate-level  technol¬ 
ogy  courses  part  time  for  a  decade. 

Sharing  personnel  between  the  board- 
room  and  the  classroom  would  benefit  all 
sides.  “The  fact  is,  if  you’re  a  faculty  mem¬ 
ber,  you  probably  learned  your  technology 
five  years  ago,”  says  University  of  Mary¬ 
land’s  Suess.  “The  industry  would  like  us  to 
be  producing  graduates  six  to  nine  months 
later  in  [the  hot  new  language]  because  none 
of  their  people  know  it  either,  but  we  have 
the  same  problems.  It  takes  time  to  ramp  up 
the  skill  base  of  people  who  are  ultimately 
going  to  teach  it.” 

A  MORE  PERFECT  UNION 

hile  many  computer 
science  programs  do 
adjust  their  curricula 
to  reflect  new  strate¬ 
gies,  there  is  a  grow¬ 
ing  sense  that  they  are  simply  not  the  optimal 
vehicle  to  assist  with  changing  the  discon¬ 
nect.  In  general,  employment-geared  profes¬ 
sional  schools  such  as  DeVry  and  ITT 
Technical  Institutes  portray  themselves  as 
more  likely  than  the  average  ivory  tower  to 
heed  industry  requests.  DeVry  programs  typ¬ 
ically  leave  roughly  25  percent  of  the  con¬ 
tent  open  to  the  discretion  of  local  instructors 
and  administrators  so  that  skills  and  empha¬ 
sis  can  be  tweaked  to  suit  the  demands  of 


area  employers,  LaMountain  says. 

Traditional  academic  institutions  aren’t 
about  to  let  professional  schools  trump 
them.  Recently,  business  school-sponsored 
IT  and  computer  information  systems  pro¬ 
grams  have  been  making  a  more  conscious 
effort  to  align  themselves  with  the  interests 
of  the  hiring  community.  These  new,  cross¬ 
discipline  initiatives,  such  as  the  four-year 
School  of  Informatics  at  Indiana  University 
in  Bloomington,  are  seeking  to  better  match 
schooling  with  industry  goals.  And  this  aca¬ 
demic  initiative  might  just  be  the  wave  of  the 
future.  “It’s  focused  much  more  on  the  best 
practices,  the  best  uses  of  applications  in  IT 
[than  traditional  CIS]  in  a  whole  variety  of 
industries,”  including  mechanical  and  med¬ 


ical-focused  informatics  programs,  says 
Michael  McRobbie,  Indiana  University  CIO 
and  professor  of  computer  science.  The 
impetus  for  the  new  school — Indiana’s  first 
in  20  years — came  directly  from  the  mar¬ 
ketplace.  “We  established  it  because  of  feed¬ 
back  from  business  and  industry.  They 
needed  people  with  broader  skills,”  he  says. 

McRobbie  points  out  that  while  com¬ 
puter  science  departments  do  a  good  job  of 
steering  clear  of  potentially  ephemeral  hot 
skills,  some  areas  of  serious  demand,  such 
as  a  grounding  in  Microsoft  technologies, 
need  to  be  addressed  at  the  highest  level  of 
education.  “There’s  no  doubt  universities  are 
not  focusing  enough  on  providing  training 
in  those  areas,”  he  says. 

Peter  J.  Denning,  professor  of  computer 
science  at  Fairfax,  Va.-based  George  Mason 
University,  strongly  advocates  the  creation 
of  IT  schools  such  as  IU’s  School  of 
Informatics  and  his  own  institution’s  School 
of  Information  Technology  and  Engineering. 
In  the  August  2001  issue  of  Communications 
of  the  ACM  (Association  for  Computing 
Machinery),  Denning  outlines  a  model  cur- 
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riculum  that  includes  a  mandatory  semester- 
long  internship  and  three  semesters  of 
a  weekly  professional  responsibility  work¬ 
shop  in  addition  to  theoretical  and  applied 
technical  learning.  (Go  to  www.cio.com/ 
printlinks  for  a  PDF  version  of  the  curricu¬ 
lum.)  While  schools  that  are  working  on 
meeting  such  a  model  number  in  the 
dozens — among  them  the  School  of  Com¬ 


puter  Science  at  Carnegie  Mellon,  College  of 
Computing  at  Georgia  Tech,  and  the  College 
of  Information  Science  and  Technology  at 
the  University  of  Nebraska  at  Omaha — he 
is  optimistic  that  market  pressures  have 
posed  the  idea  for  explosive  growth. 

Despite  the  lingering  divide,  both  acade¬ 
mia  and  industry  are  showing  signs  of  col¬ 
laboration.  Faculty  panels  do  not  stay  up 
late  at  night  trying  to  sabotage  IT  hiring 
managers,  and  the  truth  of  the  matter  is  that 
those  managers  need  the  students  coming 
out  of  the  school  system.  The  path  to  train¬ 
ing  better  IT  workers  may  need  to  be 
greased  every  so  often  by  improving  com¬ 
pany-academia  communications  or  by 
encouraging  companies  to  loan  out  employ¬ 
ees  as  instructors,  but  at  least  the  drawbridge 
to  the  ivory  tower  stands  lowered.  The  quest 
to  build  the  perfect  23-year-old  who  can 
effectively  wield  a  mouse  on  day  one,  how¬ 
ever,  will  likely  never  end.  HID 


Send  your  thoughts  on  IT  education  to  us  via  e-mail  at 
letters@cio.com.  Freelance  Writer  Jason  Compton  is 
based  in  Evanston,  III. 
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Join  Us  as  We 
Discuss  How  to: 

Restructure  the  Global 
Value  Chain 

Realign  Outsourcing  Decisions 

Manage  Costs  and  Build  New 
Revenue  Generators 

Maintain  Your  Market  Position 


PLUS 

■  When  to  invest  or  play  it  safe? 

■  Effective  channels  for  service  delivery 

■  Future  human-computer  relationships 

■  Business  Continuance  Strategies 

FEATURED  SPEAKERS 

F.  WARREN  MCFARLAN 

Senior  Associate  Dean 
Harvard  Business  School 

JARON  LANIER 

Lead  Scientist 

National  Tele-immersion  Initiative 
and  Chief  Scientist,  Eyematic  Interfaces 


AND...  MEET  TODAY’S  VALUE  PIONEERS— THE  WINNERS 
OF  THE  10TH  ANNUAL  ENTERPRISE  VALUE  AWARDS 


CIO  MAGAZINE’S 


ENTERPRISE  VALUE  RETREAT 


&  AWARDS  CEREMONY 


JOIN  US  AT  THE  TENTH  ANNUAL  CIO  Enterprise  Value  Retreat  for  a 
two  and  a  half  day,  intensive  case  study  program,  led  by  Harvard 
Business  School’s  F.  WARREN  MCFARLAN,  where  we  will  examine  how 
CIOs  can  more  rapidly  and  reliably  deliver  performance  to  the  overall 
organization.  The  stakes  have  never  been  higher! 


SUNDAY,  JANUARY  27 

8:00  AM  -  1:30  PM 

Partners  Golf  Tournament 

Enjoy  a  round  of  golf  on  the 
Ventana  Canyon  Course 

3:00  PM  -  6:00  PM 

Registration 

8:00  PM  -  9:30  PM 
Partners  Cafe  Reception 

Meet  and  network  with  other  par¬ 
ticipants,  Award  Winners  and 
Retreat  Partners  in  our  informal 
networking  lounge. 

MONDAY,  JANUARY  28 

7:30  AM  -  8:30  AM 

Registration  and  Breakfast 

8:30  AM  -  9:00  AM 

Opening  Remarks  and 
Retreat  Welcome 

ABBIE  LUNDBERG 
Editor  in  Chief,  CIO  Magazine 
What  is  Value?  Lundberg 
explains  how  the  decisions  and 


deliberations  of  the  Enterprise 
Value  Awards  judges  reflect  a 
shift  in  the  IT  value  prop¬ 
osition  —  and  what  it  means  for 
businesses  today. 

9:00  AM  -  10:30  AM 
Retreat  Introduction  and 
Welcome  Address:  The 
Internet-Transformed 
Organization 
F.  WARREN  MCFARLAN, 

Senior  Associate  Dean,  Director 
of  External  Relations,  Albert  H. 
Gordon  Professor  of  Business 
Administration,  Harvard 
Business  School 
In  the  aftermath  of  the  attacks, 
Y2K  and  the  dotcom  debacle, 
both  CIOs  and  general  managers 
might  be  forgiven  for  thinking 
that  things  would  be  moving  at  a 
less  hectic  pace  in  the  IT  world. 
In  fact,  exactly  the  opposite  is 
true  as  the  Internet,  intranets 
and  extranets  are  deeply  impact¬ 
ing  the  operations  and  competi¬ 


tive  positioning  of  most  major 
corporations.  The  critical  ques¬ 
tion  has  become  whether  to  be  a 
fast  adopter  or  a  cautious  follow¬ 
er.  Different  firms  have  followed 
both  strategies,  with  great  suc¬ 
cess.  This  work  is  taking  place 
on  a  global  scale  with  the 
impact  the  same  in  Dallas  as  in 
Hong  Kong.  The  core  of  this 
Retreat  will  be  built  around  one 
of  the  largest  (and  explosively 
growing)  credit  card  providers  in 
the  U.S. 

10:30  AM  -  10:45  AM 

Enterprise  Value  Award 
Winner  Presentation 

10:55  AM  -  11:25  AM 

Mid-Morning  Break 

11:35  AM  -  12:35  PM 

Will  Computers  Become 
People  in  30  Years? 

JARON  LANIER,  Lead  Scientist, 
National  Tele-immersion 


Initiative;  Chief  Scientist, 
Eyematic  Interfaces 
We  are  used  to  hearing  claims 
that  when  computers  become  a 
million  times  more  powerful  in 
about  30  years,  they  will 
become  equivalent  to  humans  or 
greater  than  humans.  In  order  to 
examine  whether  this  might  be 
true,  we  must  rethink  a  range  of 
questions  such  as:  "Why  did 
evolution  take  so  long?"  and 
“Why  is  contemporary  software 
so  unreliable?” 

12:35  PM  -  12:50  PM 

Enterprise  Value  Award 
Winner  Presentation 

12:50  PM  -  2:00  PM 

Luncheon 

2:00  PM  -  2:45  PM 

Industry  Briefings 

2:50  PM  -  3:35  PM 

Industry  Briefings 


To  enroll  or  for  more  information,  call  800  355-0246,  fax  the  form 
to  508  879-7720,  or  visit  our  website  at  www.cio.com/conferences 


3:45  PM  -  4:15  PM 

Coffee  Break 

4:25  PM  -  5:10  PM 
Special  Presentation  on 
Security  and  Privacy 

CIO,  in  conjunction  with  the  U.S. 
Department  of  Commerce’s 
Critical  Infrastructure  Assurance 
Office,  hosts  a  special  presentation 
on  security  and  privacy  issues. 


others  for  execution.  This  realign¬ 
ing  of  what  lies  inside/outside  the 
corporation  is  one  of  the  deep, 
IT-enabled  transformations  of  the 
early  21st  century. 

5:45  PM  -  6:45  PM 

Partners  Cafe  Reception 

Catch  up  with  other  participants 
in  our  informal  lounge,  share 
ideas  and  experiences. 


Even  as  the  world  of  B2B  exchanges 
has  fallen  apart,  the  challenges  and 
economic  opportunities  implicit  in 
implementing  B2B  links  and  B2C 
links  are  moving  forward  rapidly 
(the  bottom  line  contribution  can  be 
enormous).  Two  very  different 
industries  are  looked  at;  one  is  the 
world  of  B2B  evolution  in  the 
telecommunications  industry  and 
the  extraordinary  new  standards  of 
support  that  have  been  established; 
the  other  captures  the  major  reposi¬ 
tioning  of  various  players  in  the 
financial  services  industry.  This  bat¬ 
tle  consumes  the  attention  of  every¬ 
one  from  the  CEO  to  the  CIO  in  try¬ 
ing  to  get  it  right. 

10:00  AM  -  10:15  AM 

Enterprise  Value  Award 
Winner  Presentation 

10:25  AM  -  10:55  AM 

Mid-Morning  Break 

11:00  AM  -  11:45  AM 

Industry  Briefings 

11:55  AM  -  12:10  PM 

Enterprise  Value  Award 
Winner  Presentation 

12:10  PM  -  12:55  PM 

Globalization 

F.  WARREN  MCFARLAN 
Almost  unimaginably,  technolo¬ 
gies  have  spread  out  across  the 
globe  and  provided  fundamentally 
new  ways  of  distributing  work  and 
linking  organizations  together.  The 
special  challenges  posed  by  cer¬ 
tain  environments,  such  as  China 
and  India,  are  dealt  with.  It  is  a 
vastly  shrunken  global  arena  that 
we  are  dealing  with  today. 

1:00  PM  -  3:45  PM 

Luncheon  and  Case  Study 
Workgroups 


5:10  PM  -  5:40  PM 

Global  Industry  Value-Chain 

Restructuring 

F.  WARREN  MCFARLAN 
Every  aspect  of  the  industry  value 
chain  is  potentially  transformed 
by  IT.  Inbound  logistics,  outbound 
logistics,  sales  and  infrastructure 
all  operate  in  an  entirely  different 
way  in  this  new  world. 
Organizations  are  rethinking  their 
core  competencies  to  decide  what 
they  wish  to  keep  inside  the 
boundaries  of  the  company,  and 
what  they  choose  to  delegate  to 


7:00  PM  -  Midnight 

Partner  Hospitalities 

TUESDAY,  JANUARY  29 

7:30  AM  -  8:30  AM 

Breakfast 

8:30  AM  -  8:45  AM 

Corporate  IT  Spending 
Trends  —  Where  are  They 
Headed? 

GARY  BEACH 

Group  Publisher,  CXO  Media  Inc. 
Every  month  for  the  past  year 
and  a  half  CIO  Magazine,  in 
partnership  with  Ed 
Yardeni,  chief  investment 
strategist  of  Deutsche 
Banc  Alex. Brown,  has 
surveyed  a  panel  of 
senior  executives  on  cur¬ 
rent  and  future  IT 
spending  and  other 
issues.  Beach  presents 
an  overview  of  the  latest 
results  and  emerging 
trends  from  the  CIO 
Tech  Poll. 

8:45  AM  -  9:00  AM 

Enterprise  Value 
Award  Winner 
Presentation 

9:00  AM  -  10:00  AM 

E-Commerce 
Management 

F.  WARREN  MCFARLAN 


Lowes  Ventana  Canyon  Resort 


The  Loews  Ventana  Canyon  Resort, 
where  the  Catalina  foothills  give  way 
to  the  Sonoran  Desert,  covers  its  93 
acres  of  resort  area  with  two  Tom 
Fazio  designed  golf  courses,  a  2.5- 
mile  par-course  for  walking  or  jog¬ 
ging,  several  waterfall-dotted  nature 
trails,  biking  areas,  two  pools,  eight 
lighted  tennis  courts,  a  croquet  court, 
and  of  course  our  full-service  spa. 


3:45  PM  -  5:45  PM 

Informal  Networking  and 
Recreation 

5:45  PM  -  6:45  PM 

Enterprise  Value  Awards 
Reception 

7:00  PM  -  9:30  PM 

Enterprise  Value  Awards 
Dinner  and  Ceremony 

Come  raise  a  glass  and  toast  the 
winners  at  our  black  tie  dinner 
and  ceremony,  proudly  underwrit¬ 
ten  by  Genuity. 

9:30  PM  -  11:30  PM 

Dessert  Reception 
Hosted  by  Genuity 

Cap  off  the  evening  with  a  special 
post-awards  reception. 

WEDNESDAY, 
JANUARY  30 

7:30  AM  -  8:30  AM 

Breakfast 

8:30  AM  -  10:30  AM 

Case  Study  Workgroup 
Presentations  and  Discussion 

10:30  AM  -  10:45  AM 

Mid-Morning  Break 

10:45  AM  -  11:30  AM 

Reflection 

F.  WARREN  MCFARLAN 
The  Retreat  closes  with  a  discus¬ 
sion  of  the  specific  management 
practices  currently  in  use  by 
leading  adapters  to  the  new 
information  age. 


THE  ENTERPRISE  VALUE 
AWARDS  CEREMONY  IS 
PROUDLY  UNDERWRITTEN  BY 
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□  I  won't  be  able  to  attend,  but  please  keep  me  updated  on  future 
CIO  events. 


NAME 


If  this  is  your  first  CIO  event, 
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Storage  Gets  Caught  in  the  Net 

IP  storage  promises  faster,  cheaper  and  wider  storage  area  networks 

BY  JOHN  EDWARDS 


Edited  by  Christopher 
Lindquist.  Se?id  your 
thoughts  and  ideas 
for  future  columns 
to  et@cio.com. 


“STORAGE  IS  TO  schools  what  Miracle  Grow  is 
to  gardens,”  says  Tom  Walker,  executive  director 
of  library  and  information  services  at  Decorah, 
Iowa-based  Luther  College.  “The  more  storage 
you  put  at  the  hands  of  academics,  the  more  likely 


they  are  to  fill  it  up  with  their  projects.”  Walker 
is  hoping  that  IP  storage,  a  promising  new  way 
of  building  storage  area  networks  (SANs),  will 
give  his  2,600-student  liberal  arts  school  richer 
storage  pastures. 


IP  storage. ..Cell  computing.. .Printing. ..Wireless  development 
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IP  storage,  which  uses  the  Internet  to 
swiftly  transport  data  from  users  to  stor¬ 
age  arrays  around  the  world,  is  just 
beginning  to  emerge  from  the  develop¬ 
ment  mist.  Cisco,  CNT,  IBM,  Lucent 
Technologies  and  Nortel  Networks  are 
among  the  many  vendors  that  have 
invested  deeply  in  IP  storage  and  are  just 
now  starting  to  ship  their  first  products 
based  on  the  technology.  “There’s  a  huge 
IP  structure  in  place,  and  it  only  makes 
sense  to  take  advantage  of  it,”  says  Brice 
Clark,  a  director  of  the  Colorado  Springs, 
Colo. -based  Storage  Networking  Indus¬ 
try  Association’s  IP  Storage  Forum. 

IP  storage  is  designed  to  address  the  cost 
and  performance  deficiencies  that  are  inher¬ 
ent  in  fibre  channel  (FC),  the  data  trans¬ 
port  technology  that’s  currently  being  used 
to  build  most  SANs.  But  as  IP  storage  sys- 


- 1  Emerging 

tern  vendors  try  to  grab  a  foothold  in  IT 
departments  worldwide,  questions  remain 
about  the  field’s  evolving  standards  and 
whether  vendors’  cost  savings,  performance 
and  deployment  promises  will  pan  out  in 
the  real  world.  “This  is  the  next  big  push 
in  terms  of  storage,”  says  Arun  Taneja,  a 
senior  analyst  at  the  Enterprise  Storage 
Group,  a  Milford,  Mass.-based  storage  in¬ 
dustry  research  consultancy.  “Not  all  the 
issues  are  resolved,  but  there  is  so  much 
value  in  the  concept  that  it’s  worth  work¬ 
ing  on  it  a  bit.” 

Cost  Cutting 

Although  IP-based  storage  equipment  isn’t 
always  less  expensive  than  FC  hardware, 
IP  technology  can  help  organizations  cut 
costs  by  using  existing  Internet-compati¬ 
ble  hardware  for  storage.  For  example,  a 


The  Name  Game 

LIKE  ALL  INTERNET-connected  devices,  IP  storage  units  need  a  unique  identifier  that 
will  allow  servers  to  find  and  communicate  with  them.  Currently,  IT  managers  can  manu¬ 
ally  set  identification  addresses  on  each  device.  But  as  corporate  IP  storage  networks 
grow  in  both  size  and  geographic  scope,  this  task  is  becoming  increasingly  burdensome. 
This  is  the  problem  the  Internet  Storage  Name  Service  (ISNS),  a  device  discovery  and 
management  protocol  for  IP  storage  networks,  is  designed  to  remedy. 

ISNS  would  work  like  a  domain  name  server  to  ensure  that  servers  could  find  storage 
devices  based  on  an  Internet  small  computer  system  interface  (ISCSI).  ISNS  would  also  allow 
managers  to  designate  the  servers  that  can  communicate  with  specified  storage  devices.  The 
technology  behind  the  protocol  was  developed  by  several  network  heavyweights  including 
IBM,  Intel,  Nishan  Systems  and  Nortel  Networks.  The  specification  is  currently  under  review 
by  the  Internet  Engineering  Task  Force,  an  Internet  standards-setting  organization. 

With  so  many  major  backers,  ISNS’s  approval  appears  virtually  assured.  Once  that 
happens,  network  storage  device  makers  will  likely  rush  to  embrace  the  technology. 

ISNS’s  supporters  have  already  released  the  protocol’s  software  as  open-source  code. 
(There  is  one  caveat:  In  this  world  of  rapidly  changing  standards,  vendors  are  also  con¬ 
templating  extensions  directly  to  ISCSI  to  support  naming.) 

ISNS  is  designed  as  a  compact  protocol  that  can  be  easily  added  to  a  variety  of  ISCSI 
adapters  and  target  devices,  including  storage  arrays  and  routers,  says  Aamer  Latif,  presi¬ 
dent  and  CEO  of  San  Jose,  Calif.-based  IP  storage  product  maker  Nishan  Systems.  “ISNS 
is  an  important  step  in  making  ISCSI  the  leading  network  storage  technology.” 

By  making  ISCSI-based  SANs  easier  to  manage,  ISNS  could  draw  more  organizations 
to  IP  storage.  "It  removes  a  potential  obstacle  to  adoption,”  says  Paul  Mattson,  ISCSI 
business  manager  for  IBM's  Raleigh,  N.C. -based  storage  networking  division.  “For  major 
corporations,  the  idea  of  manually  setting  hundreds  or  thousands  of  individual  addresses 
isn’t  very  appetizing.  This  is  a  solution.”  -J.E. 
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company  could  sidestep  the  need  to  pur¬ 
chase  dedicated  FC  storage  equipment  by 
using  its  application  servers  to  store  data. 

The  technology  can  also  help  organi¬ 
zations  lower  employee  overhead.  “You 
can  use  your  IP  engineer  to  manage  your 
storage  network,”  says  Mark  Cree,  gen¬ 
eral  manager  of  Cisco’s  Minneapolis- 
based  storage  router  business  unit.  “In 
the  past,  these  storage  experts  would 
make  at  least  50  percent  more  than  an 
IP  engineer  would.” 

At  Luther  College,  IP  storage  is  a  way  to 
expand  storage  capacity  without  empty¬ 
ing  the  school’s  bank  account.  “Fibre 
channel  was  well  outside  of  our  budget 
range,”  says  Walker,  who  instead  turned  to 
IP  storage  technology,  including  IBM’s  IP 
Storage  200i,  a  storage  array  that  attaches 
to  the  school’s  Ethernet  network. 

Walker  wasn’t  as  worried  about  the  cost 
of  gear  as  much  as  the  expense  of  train¬ 
ing  his  staff  in  FC  technology.  “The  basic 
issue  is  that  I  don’t  want  to  have  to  add 
another  competency  to  my  thinly  spread 
staff,”  he  says.  “My  people  use  IP  every 
day,  day  in  and  day  out.  They  know  it. 
They  love  it.” 

Walker  also  doesn’t  like  the  idea  of 
buying  in  to  a  solution  that  would  lock 
his  department  in  to  one  vendor’s  vision 
of  a  storage  strategy.  “In  the  education 
industry  there’s  a  real  phobia  about 
building  dependency  on  outsourced  ven¬ 
dor  relationships,”  he  says.  “With  IP 
storage,  we’re  free  to  easily  mix  prod¬ 
ucts  from  different  vendors.” 

Faster,  Farther,  Safer 

Reduced  costs  are  only  one  side  of  the  IP 
storage  story.  The  technology  also  prom¬ 
ises  improvements  in  speed,  geographic 
scope  and  even  data  security.  On  the  speed 
front,  IP  storage’s  current  advantage  is 
minimal.  First-generation  IP  storage  sys¬ 
tems  are  designed  to  operate  at  speeds  of 
up  to  1.25Gbps — not  much  faster  than 
FC,  which  maxes  out  around  1.06Gbps. 
But  IP  storage  should  get  a  push  sometime 
next  year,  when  the  Institute  of  Electrical 
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and  Electronics  Engineers  is  expected  to 
put  its  stamp  of  approval  on  a  proposed 
lOGbps  Ethernet  standard. 

Perhaps  even  more  impressive  than  IP 
storage’s  potential  for  slashing  costs  and 
boosting  speeds  is  its  unlimited  reach. 
While  fibre  channel  technology  limits  its 
spans  to  about  six  miles,  IP  storage’s  hori¬ 
zons  are  virtually  unlimited,  thanks  to  the 
Internet’s  global  scope.  This  means  that  an 
organization  can  arrange  to  have  its  data 
stored  in  another  state,  another  country  or 
another  continent.  “A  global  company  can 
take  advantage  of  storage  space  that’s  avail¬ 
able  across  the  street  or  around  the  world,” 
says  Enterprise  Storage  Group’s  Taneja. 

Another  big  benefit  of  IP  storage  is  that 
it  usually  requires  little  or  no  additional  in¬ 
vestment  in  security.  Leading  security  tech¬ 


vices  to  be  connected  to  an  IP  network.  The 
IFCP  protocol,  supported  by  Lucent  Tech¬ 
nologies  and  several  other  companies,  is  de¬ 
signed  to  appeal  to  organizations  that  have 
an  existing  investment  in  FC  technology. 

While  the  flexibility  of  the  ISCSI  stan¬ 
dard  gives  it  the  best  long-term  prospects, 
most  experts  view  IFCP  as  the  near-term 
winner.  This  is  because  IP  storage  switches 
and  related  products  will  allow  organiza¬ 
tions  to  extend  their  existing  FC  SANs 
across  metropolitan  area  networks  (MANs) 
and  WANs  without  distance  limitations. 
“IFCP  lets  you  enter  IP  storage  without 
junking  everything  you  have,”  says  Taneja. 

Although  choosing  IFCP  may  be  a  no- 
brainer  for  an  organization  with  an  exist¬ 
ing  FC  investment,  the  choice  isn’t  as  obvi¬ 
ous  for  CIOs  just  stepping  in  to  the  network 


IP  storage  usually  requires  little  or  no 
additional  investment  in  security. 


nologies,  such  as  firewalls  and  virus  scan¬ 
ners,  which  most  organizations  already  use 
to  protect  their  Internet  data  transfers,  can 
also  be  applied  to  safeguarding  IP  storage 
data.  “You  can  view  it  as  kind  of  a  built- 
in  protection,”  says  Cisco’s  Cree. 

A  Storage  World  Divided 

While  industry  experts  are  virtually  uni¬ 
fied  in  their  praise  of  IP  storage  as  a  con¬ 
cept,  the  field  itself  is  divided  into  two 
camps,  each  supporting  a  protocol  that’s 
incompatible  with  the  other.  The  Internet 
small  computer  system  interface  (ISCSI) 
allows  the  transport  of  SCSI  I/O  traffic 
over  standard  IP  networks,  such  as  Giga¬ 
bit  Ethernet,  and  is  designed  to  bring 
plug-and-play  simplicity  to  networked 
storage  devices.  “It’s  made  of  building 
blocks  that  people  can  deal  with,”  says 
Paul  Mattson,  ISCSI  business  manager 
for  IBM’s  Raleigh,  N.C. -based  storage 
networking  team.  IBM,  Cisco  and  Nortel 
are  among  ISCSI’s  proponents. 

The  Internet  FC  protocol  (IFCP),  on  the 
other  hand,  allows  native  fibre  channel  de¬ 


storage  market.  Given  the  absence  of  a 
clear-cut  standard,  there’s  always  the  chance 
of  picking  Beta  over  VHS  and  facing  trou¬ 
ble  down  the  road.  “This  may  mean  addi¬ 
tional  cost  and  even  downtime  in  the  future 
in  order  to  upgrade  the  system,”  says 
Robert  Passmore,  a  storage  analyst  at 
Gartner  in  Stamford,  Conn. 

Theoretical  Wonderland 

Despite  the  hoopla  surrounding  IP  storage, 
many  storage  industry  observers  are  skep¬ 
tical  that  the  technology  can  live  up  to  its 
supporters’  extravagant  cost-cutting  and 
performance-boosting  promises.  With 
equipment  just  hitting  the  streets,  real- 
world  benchmarks  haven’t  yet  been  estab¬ 
lished,  so  vendors  are  free  to  live  in  a  the¬ 
oretical  wonderland.  “It’s  hard  to  compare 
performance  right  now  because  it’s  not  the 
same,  so  it  gets  into  an  apples  and  oranges 
kind  of  thing,”  Passmore  says. 

Min  Christopherson,  IT  director  at  DNA 
Sciences,  a  Fremont,  Calif.-based  genetics 
research  company,  hopes  the  IP  storage  sys¬ 
tem  he  started  working  on  late  last  year  will 
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Zone  Labs 

ZONE  LABS  maker  of  the  popular 
ZoneAlarm  line  of  PC  firewall 
products,  still  plans  to  help 
home-  and  small-office  users 
keep  hackers  out  of  their  sys¬ 
tems.  But  the  company  will  also 
offer  an  enterprise-class  tool 
called  Zone  Labs  Integrity  that 
combines  Zone  Labs’  award-win¬ 
ning  PC  firewall  technology  with 
centralized  management  of  secu¬ 
rity  policies  and  Internet  usage. 

Integrity  is  based  on  Zone- 
Alarm’s  client-side  technology, 
which  protects  computers  from 
unrequested  outside  traffic,  pre¬ 
vents  transmission  of  unauthorized 
outgoing  traffic  and  quarantines 
suspicious  e-mail  attachments.  It 
then  adds  features  that  allow  IT 
managers  to  establish  security 
policies,  communicate  them  to 
users,  enforce  them  and  generate 
security  reports. 

The  product  can  take  advantage 
of  existing  directory,  naming  and 
authentication  services,  including 
lightweight  directory  access  proto¬ 
col  and  remote  access  dial-in  user 
service,  and  integrates  with  third- 
party  network  management  prod¬ 
ucts.  IT  managers  can  also  use 
the  product  to  protect  computers 
used  by  remote  workers  outside 
the  corporate  network. 

Pricing  for  Integrity  begins  at 
$15,000  for  the  server  and  $80 
per  client.  For  more  information, 
visit  www.zonelabs.com  or  call 
415  341-8200. 

-Christopher  Lindquist 
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help  him  cut  costs,  but  he  isn’t  sure  just  how 
much  money  he’ll  save.  “It’s  not  fair  to 
crunch  numbers  right  now,  because  there’s 
so  much  more  to  this  technology  than  just 
the  equipment  cost,”  he  says. 

One  of  the  extras  IP  storage  gives  its 
adopters  is  the  headache  of  network  la¬ 
tency — the  time  between  initiating  a  request 
for  data  and  the  beginning  of  the  actual 
transfer.  High  latency  times  can  degrade 
performance  to  well  below  FC  levels.  But 
latency  woes  are  solely  a  network  problem, 
claims  Wayne  Lam,  vice  president  of  mar¬ 
keting  for  IP  storage  vendor  FalconStor  in 
Melville,  N.Y.  “If  you  have  a  well-designed 
network,  latency  isn’t  an  issue,”  he  says. 
“You  can’t  blame  IP  storage  for  this.” 

Another  potential  trouble  spot  is  IP 
storage’s  impact  on  an  organization’s  exist¬ 
ing  network  resources.  CIOs  need  to  care¬ 
fully  assess  the  state  of  their  IP  networks 
before  committing  to  an  IP  storage  strat¬ 
egy,  says  Mark  Knittel,  group  vice  presi¬ 
dent  of  worldwide  product  operations  at 
Minneapolis-based  storage  networking 
vendor  CNT.  “IP  storage  is  something  of 
a  bandwidth  hog,  and  many  IP  networks 
aren’t  able  to  handle  this  type  of  use.” 
Knittel  notes  that  upon  adopting  IP  stor¬ 
age,  many  organizations  opt  to  send  their 
storage  data  over  a  VPN  rather  than  the 
Internet.  A  VPN  provides  added  security 
and  allows  organizations  to  tailor  network 
parameters  for  maximum  efficiency. 

Despite  IP  storage’s  lingering  uncertain¬ 
ties  and  demand  for  careful  planning,  many 
early  adopters  continue  to  praise  the  tech¬ 
nology,  although  guardedly.  “You  need  to 
have  a  vision,”  says  Christopherson.  “You 
have  to  have  a  sound  infrastructure  and 
make  sure  that  it’s  ready.” 

Luther  College’s  Walker  says  the  tech¬ 
nology  requires  a  CIO  to  be  both  cautious 
and  alert.  “It’s  all  incredibly  complex,  so 
we’re  moving  slowly,”  he  says.  “This  is 
probably  the  most  daring  thing  we’ve  done 
in  a  long  time.”  ■ 


John  Edwards  ( john@john-edwards.com )  is  a  free¬ 
lance  technology  writer  based  in  Gilbert,  Ariz. 


TAKING  THEIR  CUE  from  the  way  biological  cells  cooperate  with  each  other  to  form  a 
bodily  structure,  IBM,  Sony  Computer  Entertainment  and  Toshiba  are  developing  a  chip 
architecture  that  will  let  individual  processors  interconnect  and  create  a  larger  system. 

If  everything  works  as  planned,  the  new  architecture— dubbed  Cell— will  lead  to  consumer 
devices  that  are  more  powerful  than  IBM’s  Deep  Blue  chess-playing  supercomputer,  operate 
at  relatively  low  power  levels  and  provide  built-in  broadband  Internet  connectivity. 

The  companies  hope  to  develop  Cell  devices  capable  of  multiple  teraflops  (trillions  of 
operations  per  second)  of  processing  power,  says  Lisa  Su,  broadband  business  line  man¬ 
ager  for  IBM’s  microelectronics  division  in  East  Fishkill,  N.Y.  Although  the  Cell  architec¬ 
ture  will  be  built  from  scratch,  Su  says,  IBM  will  contribute  its  advanced  semiconductor 
technology,  including  its  PowerPC  knowledge,  to  the  design.  Cell  devices  will  incorporate 
a  variety  of  recent  chip  design  breakthroughs,  including  copper  wiring,  silicon-on-insula- 
tor  transistors  and  low-K  dielectric  insulation.  At  the  project’s  peak,  IBM  expects  to  dedi¬ 
cate  more  than  300  chip  architects  and  designers  to  Cell’s  development. 

The  technology  is  slated  to  find  a  home  in  a  variety  of  products,  including  PCs, 
wireless  devices,  game  consoles,  Internet  appliances,  gateways,  switches  and  routers. 
“Cell-based  products  of  all  types  will  form  the  building  blocks  of  larger  systems,” 
says  Su.  “The  internal  broadband  connectivity  will  allow  the  processors  to  be  closely 
linked,  creating  a  network  of  systems  that  act  as  a  single,  unified  supersystem.” 

The  trio’s  ultimate  goal  is  to  define  the  standard  for  broadband  Internet  access,  says 
Andrew  Allison,  an  independent  computer  industry  analyst  in  Carmel,  Calif.  “And  not  just 
for  consumer  products,"  he  adds.  Allison  believes  that  Cell  processors  could  eventually 
wind  up  in  an  array  of  office  products. 

-John  Edwards 
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SSO  years  later — still  no  paperless  office  by  fred  hapgood 


WHEN  JOHANNES  Gutenberg  thought  up 
the  printing  press  in  1450,  he  had  only  one 
application  in  mind:  automating  the  man¬ 
ufacture  of  indulgences,  the  get-out-of- 
damnation  cards  then  sold  to  anxious  sin¬ 
ners  by  the  church.  As  it  turned  out,  the 
indulgence  business  had  a  scaling  prob¬ 
lem — mass  production  turned  what  had 
been  a  tolerated  irregularity  into  the  per¬ 
ception  of  complete  corruption.  The  cul¬ 
tural  reaction  wrecked  not  only  the  market 
but  very  nearly  the  church  itself.  However, 
his  printing  system  sidestepped  this  un¬ 
pleasantness,  spreading  within  a  matter  of 
decades  to  every  corner  of  civilization.  By 
the  19th  century  the  printing  press  became 
an  essential  arm  of  commerce,  responsi¬ 
ble  for  everything  from  forms  to  catalogs 
to  money. 

In  the  Oct.  1,  1992,  issue  we  ran  an 
article  covering  the  implications  of  the 
most  recent  twist  in  our  relationship  with 
print.  More  and  more  enterprises  were 


starting  to  think  of  information  technol¬ 
ogy  as  organized  around  decentralized 
groups  of  PCs.  It  seemed  only  natural  to 
manage  printing  the  same  way,  which 
meant  moving  the  function  out  of  cen¬ 
tral,  often  remote,  departments  and  into 
workgroups.  The  growing  number  of  mul¬ 
tifunctional  devices  (which  could  print, 
copy  and  scan)  on  the  market  reinforced 
the  idea  by  making  it  possible,  at  least 
in  theory,  to  move  copying  out  of  copy 
centers  and  onto  the  edges  of  the  enter¬ 
prise  as  well.  If  computing  was  moving 
closer  to  users,  didn’t  it  make  sense  for 
printing  and  copying  to  follow? 

That’s  how  it  seemed  to  us  and  to  the 
many  vendors  whose  products  we  exam¬ 
ined  in  our  piece.  The  actual  realization 
of  this  vision  has  been  strikingly  slow. 
According  to  Bruce  Dahlgren  of  printer 
manufacturer  Lexmark,  the  large,  central 
printing  center  remained  a  standard  until 
very  recently.  There  are  numerous  rea- 
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Developer  Doings 

GIVEN  THE  FACT  that  there  are 
more  mobile  phones  than  any  other 
wireless  device  on  the  planet,  it 
would  be  easy  to  assume  that  wire¬ 
less  application  developers  would 
be  eagerly  targeting  the  biggest 
market  and  excluding  others.  But  a 
recent  study  by  Santa  Cruz,  Calif.- 
based  development  research  com¬ 
pany  Evans  Data  indicates  that  isn’t 
necessarily  the  case. 

According  to  the  “Wireless 
Developer  Survey”  (Vol.  2,  Fall 
2001),  58.6  percent  of  respon¬ 
dents  said  they  were  developing 
applications  for  phones,  while  a 
nearly  equally  number— 57.4 
percent— indicated  that  they 
were  developing  programs  for 
wireless  PDAs.  Other  platforms 
drew  considerably  less  interest, 
with  only  37.8  percent  develop¬ 
ing  applications  for  laptops  and 
15.8  percent  working  on  pager- 
based  products.  The  company 
notes  that  while  mobile  phones 
are  nearly  ubiquitous,  PDAs  gen¬ 
erally  have  more  memory, 
screen  space  and  other  features 
that  developers  find  appealing. 

The  report  offers  additional 
data  about  the  specific  platforms 
developers  are  supporting,  the 
time  frame  for  application 
deployment,  the  type  of  applica¬ 
tions  being  developed  and  more. 
For  purchasing  information, 
visit  www.evansdata.com  or 
call  800  831-3080. 

-Christopher  Lindquist 
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sons  why  that  might  have  happened. 
Centralization  brought  economies  of 
scale  and  the  convenience  of  single  points 
of  management.  Software  that  supported 
network-based  printing  proved  hard  to 
write.  Moving  printing  and  copying  to 
the  edge  of  corporate  networks  some¬ 
times  required  tinkering  with  the  back¬ 
bone  of  the  organization  (for  example, 
moving  copying  from  the  facilities  de¬ 
partment  to  IT),  and  those  changes  are 
always  slow. 

However,  the  same  arguments  had  been 
trotted  out  during  the  transition  to  mi¬ 
crocomputer-based  networks,  and  that 
movement  took  off  like  a  prairie  fire.  A 
more  subtle  possibility  for  lingering  print 
centralization  is  that  in  the  early  to  mid- 


’90s  everyone  knew  in  their  bones  that 
networked  PCs  were  the  future,  whereas 
most  managers’  bones  fell  silent  when 
they  were  asked  about  printing.  Even  if 
you  didn’t  believe  in  a  paperless  office, 
the  role  of  printing  in  the  21st  century 
enterprise  was  very  cloudy.  Given  that 
murkiness,  it  just  made  sense  to  keep 
pushing  decisions  about  the  technology 
to  the  bottom  of  the  pile. 

During  the  past  18  months  or  so  the 
situation  has  changed.  A  consensus  on 
the  future  of  printing  has  finally  begun 
to  emerge:  Printing  does  have  a  future, 
limited  in  one  way,  but  nearly  boundless 
in  another.  Printing  has  historically  had 
three  jobs:  information  storage,  distribu- 
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tion  and  display.  At  least  in  the  business 
context,  display  has  always  been  the  poor 
sister;  changes  in  printing  technology 
were  bought  and  sold  on  the  promise  of 
improvements  in  storage  and  distribution 
efficiencies  (like  microfiche). 

Today  the  huge  improvements  digital 
technology  has  made  to  information  stor¬ 
age  and  distribution  are  obvious.  Yet  no 
one  has  developed  display  technology  that 
can  rival,  let  alone  improve  on,  paper’s 
convenience  and  comfort  level.  As  a  result, 
information  display  has  become  printing’s 
core  competence  and  responsibility. 

At  the  same  time,  IT-led  enhancements 
in  storage  and  distribution  have  increased 
the  load  on  display,  since  the  more  infor¬ 
mation  computer  networks  can  remem¬ 


ber  and  deliver,  the  more  users  end  up 
printing.  One  illustration  of  this  effect 
is  the  recent  success  of  color  printers.  We 
devoted  a  lot  of  lines  to  color  in  our 
1992  article,  and  for  all  the  sales  that 
followed  in  ’93  and  ’94  we  might  has 
well  have  saved  the  ink.  It  was  not  until 
the  Web  started  routinely  delivering  graph¬ 
ics  and  color  (such  as  Microsoft  Power¬ 
Point  presentations)  that  color-printing 
sales  accelerated.  According  to  IDC  (a 
sister  company  to  C/O’ s  publisher),  the 
fraction  of  color  printers  shipped  to  U.S. 
businesses  quadrupled  between  1996 
and  1999. 

In  just  a  few  years  enterprise  printing 
has  changed  from  a  store-and-forward 
batch  process — responsible  for  creating 
large  numbers  of  relatively  few,  long 
documents  to  be  stored,  distributed  to 
many  people  and  then  stored  again — to 
one  expected  to  produce  large  numbers 
of  short  documents,  whenever  needed, 
at  or  close  to  the  point  of  consumption, 
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that  will  be  read  by  one  or  two  people 
and  then  discarded. 

This  emphasis  provides  a  new  and  more 
stable  rationale  for  our  premise  in  the 
1992  article:  that  it  makes  sense  to  treat 
printers  like  PCs,  as  devices  distributed 
over  a  network.  It  also  erases  the  lines  be¬ 
tween  copying,  printing  and  faxing,  since 
from  a  display  point  of  view,  all  these  tech¬ 
nologies  raise  the  same  issues  (speed,  res¬ 
olution  and  price).  A  device  that  prints  dig¬ 
ital  files  doesn’t  care  which  technology 
generated  them  or  whether  they  were 
transmitted  across  a  network  or  created 
internally  by  a  built-in  scanner. 

There  is  one  question  still  up  in  the  air: 
What  is  the  optimal  ratio  of  printing  de¬ 
vices  per  employee  for  a  given  enterprise? 
Xerox  believes  that  at  least  with  current 
technology,  economies  of  scale  and  ver¬ 
satility  still  matter.  “Smaller  printers  are 
cheap,  but  the  cartridges  are  not,”  says 
Art  Smith,  vice  president  of  Worldwide 
Software  Solutions  at  Xerox  Office  Sys¬ 
tems  Group.  (He  estimates  that  a  large 
machine  can  print  at  half  the  cost  per  page 
of  smaller  models.)  Companies  such  as 
Lexmark  represent  the  other  end  of  the 
spectrum.  They  imagine  devices  similar 
to  a  distribution  of  devices  so  dense  that 
it  approaches  that  of  fax  machines  today. 
From  an  IT  manager’s  point  of  view,  both 
ends  assume  a  high  degree  of  network 
integration,  with  features  such  as  auto¬ 
mated  management  of  driver  libraries, 
networkwide  access  to  status  messages,  a 
faxlike  system  for  matching  jobs  to  loca¬ 
tions,  and  potentially,  support  for  wire¬ 
less  inputs  and  kiosk-based  printing.  Tools 
to  manage  these  issues,  like  Novell’s  iPrint, 
are  beginning  to  emerge. 

It  may  be  only  a  coincidence  that  the 
reemergence  of  paper-based  printing  coin¬ 
cides  with  the  collapse  of  tech  stocks.  But 
given  the  digital  triumph  that  many  of 
these  formerly  high-flying  stocks  embod¬ 
ied,  it  is  certainly  fitting.  SEI 
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Time  to 
Videoconference 

I  RECENTLY  HAD  an  important  business  meeting  in  New  Jersey.  Before 
Sept.  11,  I  would  have  flown  the  250  miles.  But  my  plans 
changed.  I  drove  the  four  hours  to  the  meeting  and  returned 
the  same  day.  Are  my  actions  out  of  the  ordinary?  Not  accord¬ 
ing  to  Netscape.com.  In  the  days  following  the  terrorist  attacks 
on  Sept.  11,  Netscape  asked  more  than  5,000  people  how  they 
would  travel  to  their  next  distant  meeting.  Fifty-three  percent 
said  they  would  fly;  47  percent  opted  to  drive.  None  voted  for 
videoconferencing. 

The  lack  of  interest  in  videoconferencing  surprised  me  until 
I  started  to  think  about  it. 

Videoconferencing  technology — and  by  that  I  mean  really 
good  videoconferencing  technology — remains  the  exclusive 
domain  of  large  businesses  and  the  9  percent  of  American 
households  that  can  afford  high-speed  Internet  access. 

This  shouldn’t  be  the  case. 

For  many  years,  the  technology  has  allowed  businesses  and 
households  to  enjoy  what  the  industry  calls  a  rich  experience, 
but  the  widespread  deployment  of  videoconferencing  technol¬ 
ogy  has  been  curtailed  by  the  political  infighting  between  long¬ 
distance  and  local  telephone  companies.  Long-distance  tele¬ 
coms,  which  make  most  of  their  profits  from  large  businesses, 


want  to  expand  their  reach  to  consumers.  Local  telecoms  are 
regulated  monopolies  reaping  profits  from  households.  Each 
wants,  and  needs,  the  other  sector’s  customers  to  grow.  And 
each  has  the  wherewithal  to  offer  those  services  tomorrow. 

Six  years  ago  I  asked  a  local  telephone  company  worker 
what  type  of  cable  he  was  laying  in  front  of  a  friend’s  home. 
Of  course,  he  was  laying  down  fiber-optic  cable  capable  of 
transmitting  data  and  video  images  at  very  fast  rates. 

That  cable  remains  buried  in  front  of  my  friend’s  home.  And 
the  local  telephone  company  continues  to  claim  it  cannot  offer 
him  high-speed  services. 

The  events  of  Sept.  1 1  shook  the  world,  the  economy  and 
hopefully  both  sectors  of  the  telecom  industry.  In  the  near 
future,  businesses  that  want  to  save  costs  by  curtailing  non- 
essential  travel — and  families  that  wish  to  remain  in  touch 
with  relatives  and  friends  but  are  afraid  to  fly — will  combine 
to  create  a  huge  economic  opportunity  for  players  in  the  video- 
conferencing  market. 

Insiders  in  the  telecommunications  industry  would  be  wise  to 
find  ways  to  make  high-speed,  low-cost  access  to  our  nation’s 
telecom  infrastructure  as  ubiquitous  as  air. 

Or  shareholders  just  might  turn  them  into  outsiders. 
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With  X.HLP,  you’re  just  48  hours  from  training  your  employees  with  unique  content. 

in  today’s  vicious  economy,  profit  is  king,  and  timing  is  everything.  Maximizing  employee  value 
and  productivity  is  critical.  But  the  cost  and  time  it  takes  to  train  your  people  always  seem  to 
outweigh  the  benefits.  Until  now.  With  the  X.HLP  Adaptive  Learning  Platform  you  can  be  training 
your  employees  and  customers  with  your  content  in  just  48  hours.  Guaranteed.  Not  only  does  this 
save  you  substantial  time  and  money,  but  X.HLP  solutions  actually  train  your  employees  more 
effectively.  They’ll  retain  more,  faster— and  your  business  will  reap  the  rewards  even  sooner. 
To  learn  more,  visit  our  Web  site  at  www.xhlp.com/48hours  for  a  free  demo.  Or  call  us  today  at  our 
US  Corporate  Office,  (001)  781-663-7500  or  our  UK  Office,  (+44)  (0)  207  394  4306. 


X.HLP 


Interview 

BY  DEREK  SLATER 


Elizabeth  Shuttleworth  is  executive  vice 
president  of  operations  and  CIO  at  Radian 
Guaranty,  a  mortgage  insurance  provider 
in  Philadelphia.  Previously,  she  was  CIO 
of  pickle-maker  Vlasic  Foods  International. 
Before  that,  she  worked  for  SmithKline 
Beecham  and  Bell  Atlantic,  and  earlier  still 
at  Computer  Horizons  in  South  Africa.  CIO 
talked  to  Shuttleworth  about  changing 
industries.  She’s  done  that  a  lot  and  evi¬ 
dently  has  kept  her  sense  of  humor. 

CIO:  Industry  knowledge  is  so  important 
for  today’s  CIOs.  How  do  you  ramp  up  your 
knowledge  for  a  new  gig? 

Shuttleworth:  You  have  to  learn  very 
quickly.  Really  it’s  reading,  reading,  read¬ 
ing.  Each  industry  has  its  own  rags;  the 
ones  in  this  industry  are  a  little  dull. 
There’s  one  called  Secondary  Market 
Executive  that  I  try  not  to  read  too  much. 
[Secondary  market  executives]  do  very 
heavy-duty  structured  transactions.  Here 
they’ve  been  very  good;  I’ve  brought  in  a 
lot  of  new  staff,  and  we’ve  done  lunch 
together  so  that  people  can  share  exper- 


tise  and  plans.  The  businesspeople  need 
to  get  to  know  our  group  and  what  we’re 
going  to  do  for  them,  and  we  need  to 
understand  what  they’re  doing. 

You  [have  to]  ask  a  lot  of  questions  too.  I 
tell  my  staff,  “Go  into  a  project  as  if  you 
know  nothing  about  it.”  You  get  much  bet¬ 
ter  specifications  or  requirements  if  you  ask 
questions  instead  of  making  assumptions. 
Any  key  differences  between  your  work  at 
Radian  and  at  Vlasic  Foods? 

At  Vlasic,  everything  was  supply  chain  opti¬ 
mization.  That  was  the  most  crucial  piece. 
Here  you  have  a  supply  chain,  but  it’s  vir¬ 
tual.  I  also  have  [responsibility  for]  opera¬ 
tions  here.  We  do  manufacture  something 
in  a  sense — paper.  A  mortgage  certificate, 
instead  of  a  jar  of  pickles. 

What  motivated  the  switch? 

The  food  business  is  very  old  and  staid,  and 
the  opportunities  to  change  how  you  do 


business  are  few.  What  really  interested  me 
about  this  job  was  putting  IT  and  opera¬ 
tions  together.  I  wanted  to  work  for  a  com¬ 
pany  that  “gets  it.”  Here  I  don’t  feel  like 
I’m  dragging  people  along;  instead  they’re 
pushing  me  to  deliver  as  fast  as  possible. 

So  you  don’t  find  this  kind  of  industry  tran¬ 
sition  intimidating  at  all? 

The  things  that  keep  you  awake  at  night 
are  very  much  the  same.  A  mobile  user  is  a 
mobile  user,  and  the  issues  they  face  are  the 
same  whether  you’re  at  an  insurance  com¬ 
pany  or  a  food  company.  In  every  business, 
you  put  something  in,  move  it  around  a  bit 
and  put  it  back  out.  That’s  what  we  do  here; 
we  take  data  in,  move  it  around  and  put  it 
back  out  again.  When  you  boil  it  down  like 
that,  it’s  not  so  hard. 


E-mail  your  industry-hopping  stories  to  Executive 
Editor  Derek  Slater  at  dslater@cio.com. 
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Do  you  have  the 


over  your  IT  infrastructure? 


With  fourteen  operating  systems,  multiple  chip  architectures  and  a  tangle 
of  middleware  to  deal  with,  it’s  no  wonder  only  IBM  can  “integrate”  their 
systems.  Which  means  you’ll  pay- and  pay-for  their  monopoly  on  service. 
Because  with  their  closed,  complex  systems,  they  control  it  all. 


Interested  in  actually  lowering  your  TCO  (and  who  isn’t)?  Sun  systems  run 
on  one  chip  architecture  and  a  single  operating  environment,  so  you  can 
scale  from  under-$l,000  desktop  systems  to  over-$10-million  data  center 
systems  without  breaking  a  sweat  (something  you  won't  find  at  IBM). 
Imagine  running  the  same  applications,  the  same  middleware  (directory, 
portal,  app  server,  etc.)  and  the  same  administrative  framework  across  your 
entire  IT  environment.  Now  imagine  using  a  single  set  of  tools  to  develop 
those  applications.  That  means  no  recoding,  no  retraining  and  no  expensive 
consultants  to  come  in  and  “manage”  it  all  for  you.  You  can  even  share  the 
same  system  components  between  your  midrange  and  data  center-class 
systems.  That’s  how  you  lower  your  total  cost  of  ownership.  Big  time. 


So  you  have  two  choices:  a  costly,  closed  and  complex  environment  from 
IBM  or  one  simple,  cost-effective  alternative  from  Sun.  You  decide. 
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take  it  to  the  n'" 


microsystems 


TAKE  ADVANTAGE  OF  KINGSTON’S  AGGRESSIVE  PRICING 
ON  256MB  MODULES. 

•  Add  more  memory  and  increase  performance* 

•  Meet  the  demands  of  Microsoft  XP  with  a  256MB  upgrade 

•  Get  quality  components,  100%  testing  and  a  lifetime  warranty 

•  Insure  compatibility  with  over  2,000  products  for  more  than  9,000  systems 


Run  with  the  big  dogs.  Contact  Kingston®  at  (800)  251-9405  or  visit  www.kingston.com/256MB  to  see  what  a  difference  256MB 
can  make. 


17600  Newhope  Street,  Fountain  Valley,  CA  92708  USA  (714)  435-2600  Fax  (714)  435-2699.  ©  2001  Kingston  Technology  Company,  Inc. 

All  rights  reserved.  All  trademarks  and  registered  trademarks  are  the  property  of  their  respective  owners.  ‘Performance  gain  may  vary  based  on  systems  and  applications  used. 
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